MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bca7cb0477a0f6e0cb1009783fb4bb74789fff4a14c34314bdda577bdfd19f98. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bca7cb0477a0f6e0cb1009783fb4bb74789fff4a14c34314bdda577bdfd19f98
SHA3-384 hash: badd43da4c4f4946a4c7c5e5a1e8bdf28bd170dee9bf74afcf1791c67c8f225aa38c2e21783061b62b7d9d60b7052062
SHA1 hash: a9e11b931aafc1adca2ff9cb19d076c6c0d21100
MD5 hash: 814e6fbbf6684989eb6d06ee6ecf77df
humanhash: beryllium-video-spring-fanta
File name:814e6fbbf6684989eb6d06ee6ecf77df.exe
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:1'057'280 bytes
First seen:2021-03-23 11:11:02 UTC
Last seen:2021-03-23 12:37:26 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 24576:nYlJRzj+QQpoYfcl1pyJxr7GalQibpK7amIy:cRzjTQPr/GFf7amh
Threatray 88 similar samples on MalwareBazaar
TLSH B125E0291B80FF8DD03F0F3B88598020DBF0C6675623FB9B5CE919EC41DABA9C65515A
Reporter abuse_ch
Tags:exe RAT RemcosRAT

Intelligence

File Origin
# of uploads :
2
# of downloads :
144
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
814e6fbbf6684989eb6d06ee6ecf77df.exe
Verdict:
No threats detected
Analysis date:
2021-03-23 11:15:52 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/8cc224e8-041d-4198-97a5-06f6401db203

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/126569/
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.598.14237.18527.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Launching a process
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/649884
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 373898 Sample: 7ZTE4W8J3L.exe Startdate: 23/03/2021 Architecture: WINDOWS Score: 52 10 Multi AV Scanner detection for submitted file 2->10 12 Machine Learning detection for sample 2->12 6 7ZTE4W8J3L.exe 2 2->6         started        process3 process4 8 dw20.exe 22 6 6->8         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bca7cb0477a0f6e0cb1009783fb4bb74789fff4a14c34314bdda577bdfd19f98/
Threat name:
ByteCode-MSIL.Backdoor.Androm
Create hunting rule
Status:
Malicious
First seen:
2021-03-23 02:49:11 UTC
AV detection:
17 of 29 (58.62%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xst4wbdxud3obsyqbf4d7nf3or4j772kctbugff53jlxxx6rt6ma._file
Verdict:
unknown
Similar samples:
059536bbab978532bfbb24c62770d3a0b4f3a46aee080672200711469f747302
RemcosRAT
28e5fa8a71a61c9a963340efa4179b8e1e966eca430c77f86c5795a28b66162a
RemcosRAT
4955c0093c474d0052c522cd6bf1d96ca9eab8371a986f070d044a30c5c6b202
RemcosRAT
759c67a815022fb8b185236d3b2f25c2d009c8e9ff8bf3571e339dc2e2473d93
RemcosRAT
767d213b2083d5ba0cfb4e4d281fcce7d2233345ec7932e2d89cf303fd51b10e
RemcosRAT
80633cf6f53854e8c478e74ae93e4456f7730d323ca9d57d445de570a7ee7f45
RemcosRAT
8ffd510513cafe4d5b4812ef693f06dcff7dc4097cccacd1be4ca0d308f3494d
RemcosRAT
b8e2713744ae4bf75f6f051a88fd7cd88aa5a9d0e5707932b44a5fb47dd73057
RemcosRAT
dc33d410898885b637ad8dd510d290ff2c00ae00069f28a60a282364faf0384e
RemcosRAT
eca13de65c0bea59c87ad6d8fd0d4d7083badd47dd919b5d407b77298ee36a85
RemcosRAT
+ 78 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210323-9wx1d6m8wn/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
bca7cb0477a0f6e0cb1009783fb4bb74789fff4a14c34314bdda577bdfd19f98
MD5 hash:
814e6fbbf6684989eb6d06ee6ecf77df
SHA1 hash:
a9e11b931aafc1adca2ff9cb19d076c6c0d21100
Link:
https://www.unpac.me/results/3b8f2080-03da-48ae-a63a-0ee3e5bcffb6/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.88
Link:
https://yomi.yoroi.company/submissions/bca7cb0477a0f6e0cb1009783fb4bb74789fff4a14c34314bdda577bdfd19f98

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RemcosRAT

Executable exe bca7cb0477a0f6e0cb1009783fb4bb74789fff4a14c34314bdda577bdfd19f98

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1083913/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/126569/

Comments