MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7fd27941dad49771148973376733a73f0b9bd2cae4cb7fdb5c999f8254869995. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7fd27941dad49771148973376733a73f0b9bd2cae4cb7fdb5c999f8254869995
SHA3-384 hash: c913ea9f7a53c151726b84ce8639306f6d1293e9998de63320fd19f47b8fbbe045bbcc7a34f1363e568741e8ebe3211c
SHA1 hash: fab10b9c1ffa80bc1051a7fe9e2c269fa5d86163
MD5 hash: 9dec56964815f9cada910bdee535027d
humanhash: louisiana-beryllium-alaska-apart
File name:Wyzntjzprmmvqdtdrthurezrzhdavabchs.exe
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:849'408 bytes
First seen:2021-08-03 08:42:25 UTC
Last seen:2023-02-01 00:35:45 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 5b47eb09e8baa121d107e1f6d362c6d7 (2 x RemcosRAT, 1 x BitRAT)
ssdeep 12288:YKwkfdbXTsOUkxyDdUk3LJZSsSKrcaOr3hif/fC07FL6j0swZtwTaNX2mZbDd1CP:31bXmUkbXv9rcdRifH3MgM
Threatray 285 similar samples on MalwareBazaar
TLSH T1CD058DD2ED027432CC611D75AC7A826A62E06E7D1B3C8887B5D5DE3E1F3B642349709B
dhash icon 1130767864760841 (6 x RemcosRAT, 2 x Formbook, 1 x NetWire)
Reporter cocaman
Tags:exe RemcosRAT

Intelligence

File Origin
# of uploads :
2
# of downloads :
134
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Wyzntjzprmmvqdtdrthurezrzhdavabchs.exe
Verdict:
Suspicious activity
Analysis date:
2021-08-03 08:43:33 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/ca59f1e8-f8e3-4eea-885d-a97392aa5b9b

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/175987/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a custom TCP request
Sending a UDP request
DNS request
Connection attempt
Launching the default Windows debugger (dwwin.exe)
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/84547346-3f8f-406f-8997-9e84c6c301d0
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/825991
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7fd27941dad49771148973376733a73f0b9bd2cae4cb7fdb5c999f8254869995/
Threat name:
Win32.Backdoor.Remcos
Create hunting rule
Status:
Malicious
First seen:
2021-08-03 08:43:09 UTC
File Type:
PE (Exe)
Extracted files:
14
AV detection:
18 of 46 (39.13%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=p7jhsqo22slxcfejom3wom5hh4fzxuwk4tfx7w24tgpyevegtgkq._file
Verdict:
unknown
Similar samples:
1c33eed32ee64e2abbc1b66486b46f93b5ca61d42e384d3dd49810c73f48147f
RemcosRAT
3368d82a927186d857ce56ab31dc79abc952c0958cc855203a6c6e1509578d56
RemcosRAT
9619dd90b103cea6ed31462e70f2419900b0f943295a7b773a0a77504ade15ce
RemcosRAT
a643135974d54161165848843bdaddd082f25635e1fb8f6d4b45f8451042ba93
RemcosRAT
c0dbfce6d1904f32b39ef57d1f59595099171f5e038ad1003a9fc5f9c3ec92d2
RemcosRAT
e805423ef1971ad60f2cf93dd0845f3bc13fb5bce5dc3b3b3e39f56c4f9142e7
RemcosRAT
ee48194ee12b493625d6cbb63bf1258f30f82147cd93056557aec24c4f4b6ae8
RemcosRAT
fd866b4e18b49ef0232eda27280a0d56a9e408792bba4cddded1961fe64e7bf3
RemcosRAT
+ 275 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/210803-zkzn2sc5ds/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
c873bd224bbf6f82aa169f079016ebdf7690b40a7db5dd8cfefd26404a9d50ca
MD5 hash:
d328f4ade4dd3cd77b3c055c6a7a7937
SHA1 hash:
5d2437502c20efaadd44d27bd5f2f748bdb48512
Link:
https://www.unpac.me/results/e0d34968-8cdb-4b4f-a3c5-f5d77636a36e/
SH256 hash:
7fd27941dad49771148973376733a73f0b9bd2cae4cb7fdb5c999f8254869995
MD5 hash:
9dec56964815f9cada910bdee535027d
SHA1 hash:
fab10b9c1ffa80bc1051a7fe9e2c269fa5d86163
Link:
https://www.unpac.me/results/e0d34968-8cdb-4b4f-a3c5-f5d77636a36e/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7fd27941dad49771148973376733a73f0b9bd2cae4cb7fdb5c999f8254869995

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

zip 362372e1b3df1a5df4e537edc19366b048d180fd872d8a3f771064bff042723f

RemcosRAT

Executable exe 7fd27941dad49771148973376733a73f0b9bd2cae4cb7fdb5c999f8254869995

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 362372e1b3df1a5df4e537edc19366b048d180fd872d8a3f771064bff042723f
Cape
Cape
https://www.capesandbox.com/analysis/175987/

Comments