MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5ff77cfc952a63f6c75709db72ca3ddd2b362bf416bb454957f3b8bfdbaafd50. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5ff77cfc952a63f6c75709db72ca3ddd2b362bf416bb454957f3b8bfdbaafd50
SHA3-384 hash: 5d0b11166eb426481998d2ff87fb1b11562cedab5586c96d0920ee3a895a13c7e1077bd6ad0fe9e3695c03c3ead79332
SHA1 hash: 7c427f3401af134ec5485f55508cba07a83355c7
MD5 hash: 8edda668e90b9323f63d4b9c13228edd
humanhash: alanine-bravo-india-magazine
File name:Payment Confirmation.exe
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:221'184 bytes
First seen:2020-04-23 08:19:16 UTC
Last seen:2020-04-23 09:01:50 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 828d922981646945a06780ccbcef0fe0 (1 x RemcosRAT)
ssdeep 1536:+tK8h30rmv0xL3Rhole8qaEbQgu8FDWt2Ygj3cY5i20mOtDJgg+1/sjMbx3uoic3:cKWbZdq/FNFSksXgm76bbobO
Threatray 786 similar samples on MalwareBazaar
TLSH D624F6856DB8A423C31842306EEAD7F9C34C7DD0EAE5C94F2080771FAE7365A156A52F
Reporter jarumlus
Tags:RemcosRAT

Intelligence

File Origin
# of uploads :
2
# of downloads :
98
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GuLoader.GenericKD.43027785.13416.7448.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Androm
Create hunting rule
Status:
Malicious
First seen:
2020-04-21 23:34:26 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=l73xz7evfjr7nr2xbhnxfsr53uvtmk7uc25ukskx6o4l7w5k7via._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0661a441ae0af8542687aeb35aa00942b5b2bd1543c35574c0f4cb4592ed4c36
RemcosRAT
1da069d39e2e88c624698760567c4019ca2de990b05c429be843355a0531b51a
RemcosRAT
2cbfb5b5238c10c431fa755298761b8800c34ee953d3e1363e6c61c53830ebcc
RemcosRAT
65afb4a852750914ac4305f80a7b3af6110eecf36b17bb68f4e55b17426c6d5b
RemcosRAT
7f95fc08dcdbe713e3a41b5b5d72763b4b3a4c608a1766596c8d055b12b2ee27
RemcosRAT
840fcf3e185f0a54e8f1aee00cbcaa8b452a7f45bedb258e3afef8cb9fd3e0fd
RemcosRAT
96d15bb3fe99161d651573512abb94b55f9b88e72c3a34d52eb4ce7574da8db7
RemcosRAT
b9eb219ce57af2c2320bab070cc02c9c1e263b6cf79205a0799129bf29d22a5f
RemcosRAT
ddf6f04276c1d976e62e199e6c928fb7a3d7aaec455a1859f8d8f605c89ffc64
RemcosRAT
fc43a119f255e01cc5bd1ae95791495a4f92cc0545d64b0bdab72dc126a5dd4e
RemcosRAT
+ 776 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef

Comments