MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8a0f4e7fd0176e47c8b254a3814f207fad9535cce012ecf4a735a016b19f1350. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RemcosRAT


Vendor detections: 10



SHA256 hash: 8a0f4e7fd0176e47c8b254a3814f207fad9535cce012ecf4a735a016b19f1350
SHA3-384 hash: 6771ca8b6e9073331dccbedb089a92a2d2d85efddb02f3196383895a76e90dcf99d4c363e8649beefe67dccf4dfc7994
SHA1 hash: e801a82d4a4dad6bf89d6a526c699d2df677dbcf
MD5 hash: d97696c2f39f22eb70ae51679cd1b500
humanhash: harry-burger-comet-floor
File name: d97696c2f39f22eb70ae51679cd1b500.exe
Signature: RemcosRAT
File size: 4'366'848 bytes
First seen: 2022-08-31 18:25:47 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 24b92ccf1e266e626a6cc7126f975fe5 (7 x RemcosRAT)
ssdeep: 98304:kDUmPvCTDVuz8MO5MsrGp+IYgw4JdDEjn4JG5XL7xQ1:kYyxIzzCjHDE0JqxQ1
TLSH: T14B16122712690189E0C4FCF95537FDA131F11E6E5E41A87A65F939CA35324A3EF02A2F
TrID:
  29.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  22.7% (.EXE) Win16 NE executable (generic) (5038/12/1)
  20.3% (.EXE) Win32 Executable (generic) (4505/5/1)
  9.1% (.EXE) OS/2 Executable (generic) (2029/13)
  9.0% (.EXE) Generic Win/DOS Executable (2002/3)
dhash icon: 06556d4d4d330f0e (2 x RemcosRAT)
Reporter: abuse_ch
Tags: exe RAT RemcosRAT

Intelligence


File Origin
# of uploads: 1
# of downloads: 349
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating synchronization primitives
Setting a keyboard event handler
Creating a window
DNS request
Creating a file in the %temp% subdirectories
Creating a file
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: greyware packed
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Detection: malicious
Classification: troj.evad
Score: 96 / 100
Behaviour
Behavior Graph: n/a
Threat name: Win32.Trojan.Fragtor
Status: Malicious
First seen: 2022-08-31 16:25:55 UTC
File Type: PE (Exe)
Extracted files: 8
AV detection: 24 of 40 (60.00%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:remcos rat
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Remcos
Unpacked files
SHA256 hash: d790e3732443eb12d05b7a685fdb0b1f5508dc0c64fff815fa30f3ab08b9915e
MD5 hash: 20d5b3dcb78d505df10d8862439af698
SHA1 hash: e52c4324e06ce5c7bc42bfcc8c9d6d8daadc834a

SHA256 hash: 8a0f4e7fd0176e47c8b254a3814f207fad9535cce012ecf4a735a016b19f1350
MD5 hash: d97696c2f39f22eb70ae51679cd1b500
SHA1 hash: e801a82d4a4dad6bf89d6a526c699d2df677dbcf
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RemcosRAT, Executable exe, 8a0f4e7fd0176e47c8b254a3814f207fad9535cce012ecf4a735a016b19f1350 (this sample)

Delivery method: Distributed via web download
