MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 b76d5451dd01a49fcbfb64219dfe592d392783ddb4efeb1b2a5f5dcc36ef5d30. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
RemcosRAT
Vendor detections: 6
| SHA256 hash: | b76d5451dd01a49fcbfb64219dfe592d392783ddb4efeb1b2a5f5dcc36ef5d30 |
|---|---|
| SHA3-384 hash: | 01cfa15e8c2671f8b12f7faee825446cf5e16994bf5a4de524c78d9a00f5ccc9dd1e62d927090ccb78d381d23595651c |
| SHA1 hash: | 82c1e66e48267e8a4559d6fd34e07c868001c930 |
| MD5 hash: | 7d279c2887ac75e06a6a5ae1ae392f18 |
| humanhash: | east-illinois-venus-friend |
| File name: | Requirement_document_2026010711864779153.rar |
| Download: | download sample |
| Signature | RemcosRAT |
| File size: | 181'504 bytes |
| First seen: | 2026-07-03 18:02:28 UTC |
| Last seen: | 2026-07-03 18:03:48 UTC |
| File type: | rar |
| MIME type: | application/x-rar |
| ssdeep | 3072:teMtkBLfnKkakpMvDqgcx28hqefOWmDxv7LCNLJIq898j07GDOZgl:AxKNkpMvDR89fmDdeNV7898j07fZk |
| TLSH | T1CB0412505FA603A5DA012A8F63E5F6BD3814D41AD1CDB93C182AF0AE11B403FD762AD7 |
| TrID | 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1) 38.4% (.RAR) RAR compressed archive (gen) (5000/1) |
| Magika | rar |
| Reporter | |
| Tags: | rar RemcosRAT |
Intelligence
File Origin
# of uploads :
2
# of downloads :
51
Origin country :
CHVendor Threat Intelligence
Detection(s):
Verdict:
Malicious
Score:
99.9%
Tags:
cobalt shell sage remo
Verdict:
Likely Malicious
Threat level:
7.5/10
Confidence:
100%
Tags:
downloader
Verdict:
Unknown
File Type:
Rar
First seen:
2026-07-01T23:50:00Z UTC
Last seen:
2026-07-03T14:49:00Z UTC
Hits:
~10
Gathering data
Threat name:
Script-WScript.Trojan.Heuristic
Status:
Malicious
First seen:
2026-07-03 18:14:27 UTC
File Type:
Binary (Archive)
Extracted files:
1
AV detection:
7 of 36 (19.44%)
Threat level:
2/5
Detection(s):
Suspicious file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.33
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
Delivery method
Distributed via e-mail attachment
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.