MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b80530a828c11ceece0440e08ac3a496e8abc076df4cfa7a6ec652c2fb800558. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemusStealer


Vendor detections: 13


Intelligence 13 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b80530a828c11ceece0440e08ac3a496e8abc076df4cfa7a6ec652c2fb800558
SHA3-384 hash: df3a94d2c8350db81bb92df48b9e4bc925d00d1bdb39b626a737421905368b8f88fcc3a5c2609e14f23281642a2f5f04
SHA1 hash: 31eb93c2c74520ba0117aca3fbc60005ab468b08
MD5 hash: 05954a81f0de918f5316a6eab0dd5bae
humanhash: emma-bakerloo-undress-california
File name:crz uncrypt.exe
Download: download sample
Signature RemusStealer
Create hunting rule
File size:222'720 bytes
First seen:2026-06-09 15:05:02 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 8b41a1754e41495e9695410df2f316c9 (6 x RemusStealer)
ssdeep 3072:AEvG46zsRMlwQqS8a7/UymQTrMNTfeAd3PxVv2NLTTkTFqXZlzeqxY3iPlAKEdZT:urVwQGajObeaPxVv2NLTIpezY3iSZT
TLSH T1A524086BD2A331FCD262C0745266A232B733B93D47289EF74293D3359D219C05F79A29
TrID 51.9% (.EXE) Win64 Executable (generic) (6522/11/2)
16.1% (.EXE) OS/2 Executable (generic) (2029/13)
15.9% (.EXE) Generic Win/DOS Executable (2002/3)
15.9% (.EXE) DOS Executable (generic) (2000/1)
Magika pebin
Reporter aachum
Tags:exe neuralcoreflux10-lol RemusStealer


Avatar
iamaachum
https://neuralcoreflux10.lol/download/crz%20uncrypt.exe

RemusStealer C2:
http://pickad.shop:8478
http://myrtler.biz:9549 (195.211.191.95:9549)
http://youngel.biz:8768

Intelligence

File Origin
# of uploads :
1
# of downloads :
116
Origin country :
ES ES
Vendor Threat Intelligence
No detections
Malware family:
n/a
ID:
1
File name:
b80530a828c11ceece0440e08ac3a496e8abc076df4cfa7a6ec652c2fb800558.zip
Verdict:
Malicious activity
Analysis date:
2026-06-09 15:07:52 UTC
Tags:
arch-exec stealer remus
Link:
https://app.any.run/tasks/843fe030-4540-4348-93c7-857a291c0c42

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/70329/
Verdict:
Malicious
Score:
94.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6a282bd434eaf30d8ce450d6
Tags:
downloader extens trojan
Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Launching a service
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
adaptive-context packed
Link:
https://www.filescan.io/uploads/6a282bcf1f652d686572b42b/reports/fbb613fd-e21a-4f6c-999a-19e4779ccba6/overview
Verdict:
Malicious
Labled as:
Zusy.Generic
Link:
https://www.hybrid-analysis.com/sample/b80530a828c11ceece0440e08ac3a496e8abc076df4cfa7a6ec652c2fb800558
Verdict:
Malicious
File Type:
Detections:
Trojan.Win32.Agent.gen
Link:
https://opentip.kaspersky.com/b80530a828c11ceece0440e08ac3a496e8abc076df4cfa7a6ec652c2fb800558/results?tab=lookup
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/c9603db6-fe54-4fcc-bf8d-e496afdf23df
Result
Threat name:
REMUS Stealer
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/1925248
Signature
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected REMUS Stealer
Behaviour
Behavior Graph:
Download SVG
Score:
99%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/b80530a828c11ceece0440e08ac3a496e8abc076df4cfa7a6ec652c2fb800558
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b80530a828c11ceece0440e08ac3a496e8abc076df4cfa7a6ec652c2fb800558/
Threat name:
Win64.Infostealer.Tinba
Create hunting rule
Status:
Malicious
First seen:
2026-06-09 15:05:57 UTC
File Type:
PE+ (Exe)
AV detection:
20 of 36 (55.56%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xactbkbiyeoo5tqeidqivq5es3ukxqdw35gpu6toyzjmf64aavma._file
Verdict:
malicious
Label(s):
remus
Create hunting rule
Similar samples:
error
RemusStealer
Result
Malware family:
remus_stealer
Create hunting rule
Score:
  10/10
Tags:
family:remus_stealer discovery execution persistence spyware stealer
Link:
https://tria.ge/reports/260609-sgneladt5k/
Behaviour
Scheduled Task/Job: Scheduled Task
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Browser Information Discovery
System Location Discovery: System Language Discovery
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Executes dropped EXE
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Downloads MZ/PE file
Malware Config
C2 Extraction:
http://pickad.shop:8478
http://myrtler.biz:9549
http://youngel.biz:8768
Unpacked files
SH256 hash:
b80530a828c11ceece0440e08ac3a496e8abc076df4cfa7a6ec652c2fb800558
MD5 hash:
05954a81f0de918f5316a6eab0dd5bae
SHA1 hash:
31eb93c2c74520ba0117aca3fbc60005ab468b08
Link:
https://www.unpac.me/results/f99991ca-54e4-4ee4-a375-fefc80f63881/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b80530a828c11ceece0440e08ac3a496e8abc076df4cfa7a6ec652c2fb800558

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RemusStealer

Executable exe b80530a828c11ceece0440e08ac3a496e8abc076df4cfa7a6ec652c2fb800558

(this sample)

  
Link
https://tria.ge/260609-r24rmscx6l/behavioral3
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/70329/

Comments