MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a9cbb1b3305d042e03d3e94b2d9cb93e46a230e150e9843a837749b0217a0d2f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RemcosRAT

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	a9cbb1b3305d042e03d3e94b2d9cb93e46a230e150e9843a837749b0217a0d2f
SHA3-384 hash:	acfb915bcfa0536ab545adccc95e75cad06ec270a945c5a9a86bbc5e0c0ab8297bb8ccd25b0b0a10cf843a7fc14b62e8
SHA1 hash:	6d7e6d6cddd4c1d32f775f94e094ca4abd3bec32
MD5 hash:	5e7331fba875a69fa8fb2b01992a3501
humanhash:	coffee-fillet-delta-lactose
File name:	license.js
Download:	download sample
Signature	RemcosRAT Create hunting rule
File size:	66'848 bytes
First seen:	2026-03-18 12:46:46 UTC
Last seen:	Never
File type:	js
MIME type:	text/plain
ssdeep	768:j0W/O9v6srEv0Vty22/etfhcdagg9dvrZJoFqQ:j0W/O9yqCgy22Kfud4dDAV
Threatray	140 similar samples on MalwareBazaar
TLSH	T1AE635609CE437C93D29190DDBB7720AEF91639E030AB16534DA7BEB8B745281F95D08B
Magika	javascript
Reporter	James_inthe_box
Tags:	exe js RemcosRAT

Intelligence

File Origin

# of uploads :

1

# of downloads :

168

Origin country :

US

Vendor Threat Intelligence

No detections

Verdict:

Malicious

Score:

92.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69ba9ecd88c80c01586ba250

Tags:

ransomware extens xtreme

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

anti-vm base64 fingerprint repaired

Link:

https://www.filescan.io/uploads/69ba9ed44ec2f522cc4dd883/reports/128aad0c-f7e5-48a8-a1b3-f871c250057c/overview

Verdict:

Malicious

Labled as:

Trojan.Cryxos.JS

Link:

https://www.hybrid-analysis.com/sample/a9cbb1b3305d042e03d3e94b2d9cb93e46a230e150e9843a837749b0217a0d2f

Result

Gathering data

Verdict:

Malicious

File Type:

js

Link:

https://opentip.kaspersky.com/a9cbb1b3305d042e03d3e94b2d9cb93e46a230e150e9843a837749b0217a0d2f/results?tab=lookup

Score:

97%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/a9cbb1b3305d042e03d3e94b2d9cb93e46a230e150e9843a837749b0217a0d2f

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/a9cbb1b3305d042e03d3e94b2d9cb93e46a230e150e9843a837749b0217a0d2f/

Verdict:

Malicious

Threat:

Family.REMCOS

Link:

https://tip.neiki.dev/file/a9cbb1b3305d042e03d3e94b2d9cb93e46a230e150e9843a837749b0217a0d2f

Threat name:

Script-JS.Trojan.Cryxos

Status:

Malicious

First seen:

2026-03-18 12:46:47 UTC

File Type:

Text (JavaScript)

AV detection:

6 of 36 (16.67%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=vhf3dmzqlucc4a6t5ffs3hfzhzdkemhbkduyioudo5e3ail2buxq._file

Verdict:

malicious

Label(s):

remcos

Similar samples:

08e51e36a95e7aa0b388ccab1aa085836ed86b2ef8c0ccc21f10f700029e31a9

08f4e43fac6f13d0e30b38273d7e2885a76cc5024b91dc2a1bb9ca971d47786e

1fb2640c673c8dc92ad3b9085489c13c45af5aa3b4ff05eb1e647238e3d45126

457ce298b2b36aba99ce04072e8dd1388c374a8d1fab4234ef009f01cd49a656

a20c0d8c528213634c00f34a21d192cb91998890eab02db5d60a3f12560730ed

a99b033ba05647d37a7e1e9de591fb6cb27495cd0368a1b165fbf8fde3785e2f

e96d879950e582d7c3f16f914a9ab11fe4b80f8a4aa9f32065a342fa288705de

+ 130 additional samples on MalwareBazaar

Gathering data

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/a9cbb1b3305d042e03d3e94b2d9cb93e46a230e150e9843a837749b0217a0d2f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample