MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1ba05853301c1c62eb44cd890f5918f9ab738c4e28716cf3eb4eaa50a15f390d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RemcosRAT

Vendor detections: 6

SHA256 hash: 1ba05853301c1c62eb44cd890f5918f9ab738c4e28716cf3eb4eaa50a15f390d
SHA3-384 hash: 05891d3b49da95c4caeb87168f137ced0aa04692ec2e909dd7c84e87410f50c0a0c650069430002bea2e9a043e943502
SHA1 hash: f43d883d8782ac13b4d752bfd955f7c5b4e413b5
MD5 hash: 5465d7a94e03e3762a65ac0c64001ac1
humanhash: twelve-helium-tennis-muppet
File name: greatthingswithbestfuturethingsgoodformebetter.hta
Signature: RemcosRAT
File size: 1'936 bytes
First seen: 2025-06-27 13:02:25 UTC
Last seen: Never
File type: HTML Application (hta)
MIME type: text/html
ssdeep: 48:tgEqSfWdGz+QjN+jO/jXjpjbjv4j9jR8wKRjmHCO:xfWd4NIObTpf2FoU
TLSH: T1A9416E159C0E878C03711FEB28BA8115F5EC89E38539EC24754E84769F34BDF95E8649
Magika: vba
Reporter: JAMESWT_WT
Tags: hta, newstartnewjournyevamygirllovesalotwithm-duckdns-org, RemcosRAT

Intelligence

File Origin
# of uploads: 1
# of downloads: 73
Origin country: IT

Vendor Threat Intelligence

Verdict: Malicious
Score: 99.1%
Tags: obfuscate xtreme virus

Result
Verdict: Malicious
File Type: HTA File - Malicious

Behaviour
BlacklistAPI detected

Verdict: inconclusive
YARA: 3 match(es)
Tags: Html

Threat name: Document-HTML.Backdoor.Remcos
Status: Malicious
First seen: 2025-06-12 14:02:00 UTC
File Type: Text (HTML)
Extracted files: 1
AV detection: 13 of 38 (34.21%)
Threat level: 5/5

Result
Malware family:
Score: 10/10
Tags: family:remcos botnet:evangle discovery execution rat

Behaviour
Delays execution with timeout.exe
Script User-Agent
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious use of SetThreadContext
Checks computer location settings
Blocklisted process makes network request
Command and Scripting Interpreter: PowerShell
Remcos
Remcos family

Malware Config
C2 Extraction: newstartnewjournyevamygirllovesalotwithm.duckdns.org:14646
Please note that we are no longer able to provide a coverage score for Virus Total.
