MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 576c45faf084a4f7d282e460ee207cd9a6dc269444701ee211f9aeb7879efc35. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RemcosRAT

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	576c45faf084a4f7d282e460ee207cd9a6dc269444701ee211f9aeb7879efc35
SHA3-384 hash:	a47977a9da8866b439ddfc3d0691a3be1b4f0f66ff2fe12c4835dc2e2f8bb23664782f3f9165071aaf5f464e1314dbd4
SHA1 hash:	ef40343e9537c714533ed312f72f46b3a28b8a9d
MD5 hash:	2b47fc7aac5b10c9f012ac0d573b3ff2
humanhash:	oklahoma-salami-ack-carolina
File name:	2b47fc7aac5b10c9f012ac0d573b3ff2.exe
Download:	download sample
Signature	RemcosRAT Create hunting rule
File size:	1'171'456 bytes
First seen:	2021-08-25 11:57:24 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	c65aff2bab39ef464a2bad0c06b18bd1 (7 x RemcosRAT)
ssdeep	3072:wdteLxnf/mbNrPNt7hrmmWVyouTnnnniucucucuc2nnnng:pdnHmbDrWVn7nnnnT
Threatray	4'848 similar samples on MalwareBazaar
TLSH	T1CB4502E0E82AFD57F336D4389026FA64C6D91091EB52D07BB42BFA6451B3390245EB1F
dhash icon	0000001858b4a600 (8 x RemcosRAT, 3 x GuLoader, 1 x Formbook)
Reporter	abuse_ch
Tags:	exe RAT RemcosRAT

Intelligence

File Origin

# of uploads :

# of downloads :

162

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

2b47fc7aac5b10c9f012ac0d573b3ff2.exe

Verdict:

Suspicious activity

Analysis date:

2021-08-25 12:00:34 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/2be32b52-c1f8-44c1-a947-574801fb9821

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/182289/

Detection(s):

SecuriteInfo.com.Variant.Razy.913027.29743.25699.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

DNS request

Sending a UDP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

GuLoader

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/5e7f6d7b-5aea-42b8-b251-6adcb21fed69

Result

Threat name:

GuLoader

Detection:

malicious

Classification:

evad.troj

Score:

84 / 100

Link:

https://www.joesandbox.com/analysis/839037

Signature

Antivirus / Scanner detection for submitted sample

GuLoader behavior detected

Hides threads from debuggers

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Tries to detect Any.run

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Uses dynamic DNS services

Behaviour

Behavior Graph:

Download SVG

Detection:

guloader

Link:

https://mwdb.cert.pl/sample/576c45faf084a4f7d282e460ee207cd9a6dc269444701ee211f9aeb7879efc35/

Threat name:

Win32.Trojan.Razy

Status:

Malicious

First seen:

2021-08-25 11:58:12 UTC

AV detection:

17 of 27 (62.96%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=k5wel6xqqssppuuc4rqo4id43gtnyjuuiryb5yqr7gxlpb467q2q._file

Verdict:

malicious

Label(s):

remcos

cloudeye

RemcosRAT

548aefb935e11a84133bd8b3d367d988b9ad2e3bde7f4c0fffcf6a94b529be72

RemcosRAT

6744f6083b8e8c5fca03f50101223d6125db7a1aebeb9de0e87c9e67441e8a53

RemcosRAT

70921226f4c6dd8d21672150cc0115b107c395f848aa89975ed3bb42c7eccd69

RemcosRAT

860e16c192167d5dd823b8e533858cdada7aa9b3173254f2f57031af68b84e0c

RemcosRAT

d4d30acde6fa4db431b90817911b44d21c65fc1fa72744625bccafe3899869bc

RemcosRAT

d9040bf8ad755cd41dc6266c0e0049f4bac0eaa23f18a26931357fe21c719701

RemcosRAT

f5502d660f4b1f1110b7ba4fd0eab36ec5b44ff97c12b146a48ff8e38efa4745

RemcosRAT

+ 4'838 additional samples on MalwareBazaar

Result

Malware family:

guloader

Score:

10/10

Tags:

family:guloader downloader

Link:

https://tria.ge/reports/210825-saeswsv49x/

Behaviour

Suspicious use of SetWindowsHookEx

Guloader,Cloudeye

Unpacked files

SH256 hash:

576c45faf084a4f7d282e460ee207cd9a6dc269444701ee211f9aeb7879efc35

MD5 hash:

2b47fc7aac5b10c9f012ac0d573b3ff2

SHA1 hash:

ef40343e9537c714533ed312f72f46b3a28b8a9d

Link:

https://www.unpac.me/results/3433fec4-aa09-4f2f-b97a-55b036ec42bb/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.16

Link:

https://yomi.yoroi.company/submissions/576c45faf084a4f7d282e460ee207cd9a6dc269444701ee211f9aeb7879efc35

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RemcosRAT

exe 576c45faf084a4f7d282e460ee207cd9a6dc269444701ee211f9aeb7879efc35

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/1557705/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/182289/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample