MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 49cdd7de1221f673cbf2cf8c51c3e2728984352e5964cae1b3010740e236eb46. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RemcosRAT

Vendor detections: 2

Intelligence 2 IOCs YARA File information Comments

SHA256 hash:	49cdd7de1221f673cbf2cf8c51c3e2728984352e5964cae1b3010740e236eb46
SHA3-384 hash:	2e720ca93c5db62f8ce6ef13c64a597ba1c73ba6dbe76f16cc48e1c41d6764f5f2f96a52d1ec5f03ea080be89ab9081c
SHA1 hash:	d8cc994dbd0af0f078377d884ca594ad17b997a7
MD5 hash:	74efa7497a26b6d84b3fc05c92ba272e
humanhash:	eight-leopard-ack-mirror
File name:	74efa7497a26b6d84b3fc05c92ba272e.exe
Download:	download sample
Signature	RemcosRAT Create hunting rule
File size:	141'553 bytes
First seen:	2021-07-10 08:06:51 UTC
Last seen:	2021-07-10 08:39:13 UTC
File type:	exe
MIME type:	application/x-dosexec
ssdeep	3072:7H8L123BjQNWewAsAYu7t1UNsISClSwBidtqmBIuPSbWT5ieKiwb6ooa1hhiQ:7H8Lyh5Wt60IaBTFKiwb6ooaX
TLSH	T179D35C3AF5C1C83BC1629D78DD0A9158F419BEE13E1824477BED9D899B3F39275280C6
Reporter	abuse_ch
Tags:	exe RAT RemcosRAT

Intelligence

File Origin

# of uploads :

2

# of downloads :

281

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

74efa7497a26b6d84b3fc05c92ba272e.exe

Verdict:

No threats detected

Analysis date:

2021-07-10 08:09:16 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/0e2728a0-5cc4-4776-ac08-c4ae6514c50a

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/170782/

Detection(s):

SecuriteInfo.com.W32.AIDetect.malware1.22447.25331.UNOFFICIAL

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/fe254b91-b96d-4f2a-bedf-89b2f3cd4cc4

Result

Threat name:

Unknown

Detection:

unknown

Classification:

n/a

Score:

1 / 100

Link:

https://www.joesandbox.com/analysis/814294

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/49cdd7de1221f673cbf2cf8c51c3e2728984352e5964cae1b3010740e236eb46/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=jhg5pxqseh3hhs7sz6gfdq7cokeyinjolfsmvyntaedubyrw5nda._file

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/210710-3rzv1a1cn6/

Unpacked files

SH256 hash:

49cdd7de1221f673cbf2cf8c51c3e2728984352e5964cae1b3010740e236eb46

MD5 hash:

74efa7497a26b6d84b3fc05c92ba272e

SHA1 hash:

d8cc994dbd0af0f078377d884ca594ad17b997a7

Link:

https://www.unpac.me/results/7fc7eb42-3036-49aa-8614-268f7d81c0ae/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.30

Link:

https://yomi.yoroi.company/submissions/49cdd7de1221f673cbf2cf8c51c3e2728984352e5964cae1b3010740e236eb46

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 49cdd7de1221f673cbf2cf8c51c3e2728984352e5964cae1b3010740e236eb46

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/948788/

Delivery method

Distributed via web download

Cape

Cape

https://www.capesandbox.com/analysis/170782/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample