MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ce6a420547785fbbec9f1b5d5e586737bba24219ecd8e689621b7c214691129d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RemcosRAT


Vendor detections: 7



SHA256 hash: ce6a420547785fbbec9f1b5d5e586737bba24219ecd8e689621b7c214691129d
SHA3-384 hash: 77ab196efed092a91013ed73ab652d1a829944f483ce113a24d86b4aafac82c14ede153971a97715973b676532e3d774
SHA1 hash: 132216819d3761b0520fd3faca226137570bfae7
MD5 hash: 32ec820e0f83f354216e649f6865230b
humanhash: east-india-bluebird-london
File name: 7d29037.exe
Signature RemcosRAT
File size: 549'888 bytes
First seen: 2022-10-05 07:07:05 UTC
Last seen: 2022-10-05 09:17:53 UTC
File type: Executable exe
MIME type: application/x-dosexec
ssdeep 12288:8BvZVBVmjl1E0v37soWTCoBXRXv2LsvIYV/:IvA1RvLQPXR+gwYd
Threatray 12 similar samples on MalwareBazaar
TLSH T1ACC40253AE39C74AD33141F48653C57216AE6DA678131F2B23D73C67BBD23E266810A3
TrID 63.5% (.EXE) Win64 Executable (generic) (10523/12/4)
12.2% (.EXE) OS/2 Executable (generic) (2029/13)
12.0% (.EXE) Generic Win/DOS Executable (2002/3)
12.0% (.EXE) DOS Executable Generic (2000/1)
dhash icon c4d48eaa8ad4d4f8 (1'000 x RemcosRAT, 1 x Worm.Ramnit, 1 x Vjw0rm)
Reporter lowmal3
Tags: exe RemcosRAT

Intelligence


File Origin
# of uploads: 3
# of downloads: 253
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file
Forced shutdown of a system process
Unauthorized injection to a system process
Verdict: Suspicious
Threat level: 5/10
Confidence: 83%
Tags: packed
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Detection: malicious
Classification: troj
Score: 68 / 100
Signature
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Remcos RAT
Behaviour
Behavior Graph (ID 716460): Sample 7d29037.exe, start date 05/10/2022, architecture WINDOWS, score 68. The process 7d29037.exe dropped C:\Users\user\AppData\...\7d29037.exe.log (CSV) and started three RegAsm.exe processes and 2 other processes.
Threat name: ByteCode-MSIL.Trojan.Remcos
Status: Malicious
First seen: 2022-10-05 06:10:26 UTC
AV detection: 20 of 26 (76.92%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Verdict: Suspicious
Tags: n/a
YARA: n/a
Unpacked files
SHA256 hash: ce6a420547785fbbec9f1b5d5e586737bba24219ecd8e689621b7c214691129d
MD5 hash: 32ec820e0f83f354216e649f6865230b
SHA1 hash: 132216819d3761b0520fd3faca226137570bfae7
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

Executable exe ce6a420547785fbbec9f1b5d5e586737bba24219ecd8e689621b7c214691129d

(this sample)

  
Delivery method
Distributed via e-mail attachment
