MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3f1c3cf63de4ed1f73666aef9032ac58d0fe4af4cb6195028e98cbe95cc6c1d3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3f1c3cf63de4ed1f73666aef9032ac58d0fe4af4cb6195028e98cbe95cc6c1d3
SHA3-384 hash: a7a772f21ecbd1e1bf5687ae34299e4629f37cc1c5430babe6d9963685af7db340a1599f66d4203af8609b9920edb3a8
SHA1 hash: 296dcd44ee5fe40e746c705a5b83022b98b407d5
MD5 hash: 0a35ea7e75d8e14029c763b4e80afc6d
humanhash: seven-single-pasta-romeo
File name:dfg90erhj34h0g0dfg0cvcv00340sfsdf84fdcv9bv0cv03dfiu3200fdsf23sdfvb90cvb90030gdfg0cvb09c0b0.hta
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:196'420 bytes
First seen:2025-10-22 17:30:29 UTC
Last seen:Never
File type:HTML Application (hta) hta
MIME type:text/html
ssdeep 6:q43taxtWKe6mEZbLjksmFWZT32g+V1X64mEF29chLYOoeMw5MWXfGu:Tgx0KhbLjvl29DrF2ILqeMx8Gu
TLSH T1741426233D265EA680321BB685FDA87CA1A64611528E2B32359D08077F45A575C8258F
Magika html
Reporter abuse_ch
Tags:hta RemcosRAT

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
DE DE
Vendor Threat Intelligence
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68f914e3ad6ce0f5ad40b778
Tags:
n/a
Result
Verdict:
Clean
File Type:
HTA File
Link:
https://app.docguard.net/3f1c3cf63de4ed1f73666aef9032ac58d0fe4af4cb6195028e98cbe95cc6c1d3/results/dashboard
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/3f1c3cf63de4ed1f73666aef9032ac58d0fe4af4cb6195028e98cbe95cc6c1d3
Verdict:
Clean
File Type:
hta
First seen:
2025-10-22T14:55:00Z UTC
Last seen:
2025-10-22T15:14:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/3f1c3cf63de4ed1f73666aef9032ac58d0fe4af4cb6195028e98cbe95cc6c1d3/results?tab=lookup
Result
Threat name:
n/a
Detection:
clean
Classification:
n/a
Score:
1 / 100
Link:
https://www.joesandbox.com/analysis/1800044
Behaviour
Behavior Graph:
n/a
Score:
4%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/3f1c3cf63de4ed1f73666aef9032ac58d0fe4af4cb6195028e98cbe95cc6c1d3
Verdict:
inconclusive
YARA:
2 match(es)
Tags:
Html
Link:
https://app.malva.re/file/0a35ea7e75d8e14029c763b4e80afc6d
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3f1c3cf63de4ed1f73666aef9032ac58d0fe4af4cb6195028e98cbe95cc6c1d3/
Verdict:
Clean
Link:
https://tip.neiki.dev/file/3f1c3cf63de4ed1f73666aef9032ac58d0fe4af4cb6195028e98cbe95cc6c1d3
Threat name:
Text.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2025-10-22 17:37:54 UTC
File Type:
Text (HTML)
AV detection:
4 of 24 (16.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=h4odz5r54twr643gnlxzamvmldip4sxuznqzkauotdf6sxggyhjq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
discovery
Link:
https://tria.ge/reports/251022-v3ytkafx9d/
Behaviour
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/3f1c3cf63de4ed1f73666aef9032ac58d0fe4af4cb6195028e98cbe95cc6c1d3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RemcosRAT

HTML Application (hta) hta 3f1c3cf63de4ed1f73666aef9032ac58d0fe4af4cb6195028e98cbe95cc6c1d3

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3682279/
  
Delivery method
Distributed via web download

Comments