MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 50a672f57c59c6c3658e484c1c271f358ef2a92596242c77eb8aba6b46465e97. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RemcosRAT


Vendor detections: 6



SHA256 hash: 50a672f57c59c6c3658e484c1c271f358ef2a92596242c77eb8aba6b46465e97
SHA3-384 hash: 0fac4108b6a13731ff6d19ad134fe550f4ba211ea8a40a45ab1e949c187d791433977bdc007e36d923ab6eb451e69031
SHA1 hash: f501073c9a6d8e06af69811c12d2939f9cdffb68
MD5 hash: 4796f2a1a466d898240ba695486660d2
humanhash: fruit-zebra-bluebird-lima
File name: 50a672f57c59c6c3658e484c1c271f358ef2a92596242c77eb8aba6b46465e97
Signature: RemcosRAT
File size: 6'850'520 bytes
First seen: 2020-06-29 07:08:11 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: afcdf79be1557326c854b6e20cb900a7 (1'102 x FormBook, 936 x AgentTesla, 399 x RemcosRAT)
ssdeep: 98304:u2cPK1a4f2cPK1a4O2cPK1a4f2cPK1a482cPK1u2cPK1a4f2cPK1ag:hCKECKTCKECKFCKzCKECKl
Threatray: 783 similar samples on MalwareBazaar
TLSH: 2E669C0273D1C036FFABA2739B6AF24156BD79354123852F13982D79BD701B2263E663
Reporter: JAMESWT_WT
Tags: RemcosRAT

Intelligence


File Origin
# of uploads: 1
# of downloads: 69
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Nymeria
Status: Malicious
First seen: 2020-06-15 04:41:46 UTC
File Type: PE (Exe)
Extracted files: 153
AV detection: 23 of 24 (95.83%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Drops startup file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments