MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e78db46391cadbbffb7825a2144ca2c8cbbf8afedf91b9d3575d48eede2b9cce. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RemcosRAT

Vendor detections: 13

Intelligence 13 IOCs YARA File information Comments

SHA256 hash:	e78db46391cadbbffb7825a2144ca2c8cbbf8afedf91b9d3575d48eede2b9cce
SHA3-384 hash:	420f1af2200144bc8e7215b09be0799cab2b42e5e7005dd3e85a44170a37357b6b4b5b03a7c697430963d9102d1fe3ea
SHA1 hash:	d3690c2fd68aa9c289ff1c4bc303615888a45928
MD5 hash:	c245a63c4915e6f000c0ee0dd314ccbd
humanhash:	mango-early-ceiling-asparagus
File name:	DHL_102121 документ о получении,pdf.exe
Download:	download sample
Signature	RemcosRAT Create hunting rule
File size:	996'352 bytes
First seen:	2021-10-21 18:32:05 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	ac55f6686b1348553fd9b5d485943699 (5 x Formbook, 4 x RemcosRAT)
ssdeep	12288:fDug7DeIhyEzPsO4z+oxMOQWHphA3hHx8rkRZQ9XYBk9NAOe6k1+hO/O5N8DoQTR:rt7JhyEz0O4z+OQK79HHQT2ODA
Threatray	494 similar samples on MalwareBazaar
TLSH	T115259DB9C1E008F6FA3738B9AC79147D8E793F503424664ACAC5BC492F777C6B825582
File icon (PE):
dhash icon	36f0390284e2da70 (12 x RemcosRAT, 7 x Formbook, 1 x OskiStealer)
Reporter	abuse_ch
Tags:	DHL exe RemcosRAT

Intelligence

File Origin

# of uploads :

1

# of downloads :

204

Origin country :

n/a

Vendor Threat Intelligence

Detection:

Remcos

Link:

https://www.capesandbox.com/analysis/199176/

Detection(s):

SecuriteInfo.com.Trojan.DownLoader43.48586.12000.12857.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Launching the default Windows debugger (dwwin.exe)

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

keylogger packed

Link:

https://www.filescan.io/uploads/6171b260a9d585e6d53275a0/reports/fa531995-e44f-4d26-b7cf-e02d48af081f/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

REMCOS

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/bafd0fc8-7d3b-4ee8-a5f7-3969c452fdee

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/e78db46391cadbbffb7825a2144ca2c8cbbf8afedf91b9d3575d48eede2b9cce/

Threat name:

Win32.Downloader.FormBook

Status:

Malicious

First seen:

2021-10-21 18:33:04 UTC

AV detection:

16 of 28 (57.14%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=46g3iy4rzln3763yewrbitfczdf37cx636i3tu2xlveo5xrlttha._file

Verdict:

malicious

Similar samples:

0f795e11fe7833c1dbe5c9f2f4aba409fa6acab6e408def8a4543cf6d6a825be

583dd77ec5f198782e75d7c7286fabb741051c88e32b862dfad56f9b2f46bf0d

6402f4385282298774063f11374e0162643b5d2eaa42b5a5878755b7f97e9e24

a192572433f8f1a41f0035e040f0f455608b6eb9695cbb87c9734f3a4bf7d4cc

c66278e7c7a5ccb279d55d3dc1b3ef42188e47f276f09d5a8f686a5ba2ab3dd7

d90b2ee420fc51d84a0c3c3fe2ae4e13b6313cd030be264440538a396dfe7956

df80a9ac733001005f97d181473cd67a5c4a9f6804fce2c0da911e728b7690d1

fc9ba22e8b90dbfe7b8b4b8450f2a93227c949d57395f59a0cedd30c78f05697

+ 484 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/211021-w665sabeer/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Program crash

Unpacked files

SH256 hash:

651d2f39c341c86341babbf45e367c1fe183f49348f3816f91920e08ed057d2a

MD5 hash:

100b966ad7ecd1ba763f069d4f1c27d6

SHA1 hash:

630ce76fda48fa229e41cf3e5b70f21af8288af0

Detections:

win_temple_loader_w0

Link:

https://www.unpac.me/results/6134014d-5aa2-4b81-8715-8125f6d116e1/

Parent samples :

b198849b0a7a1ce934d8388e1b2b6d03e8d6fce5972c5ea4b108d8e1364090e7
fc9ba22e8b90dbfe7b8b4b8450f2a93227c949d57395f59a0cedd30c78f05697
df80a9ac733001005f97d181473cd67a5c4a9f6804fce2c0da911e728b7690d1
6402f4385282298774063f11374e0162643b5d2eaa42b5a5878755b7f97e9e24
c66278e7c7a5ccb279d55d3dc1b3ef42188e47f276f09d5a8f686a5ba2ab3dd7
efd1897cf1232815bb1f1fbe8496804186d7c48c6bfa05b2dea6bd3bb0b67ed0
891ff9447dec210b5897080666b8281d7387206c14dba7587465e16bd2efa117
d90b2ee420fc51d84a0c3c3fe2ae4e13b6313cd030be264440538a396dfe7956
a192572433f8f1a41f0035e040f0f455608b6eb9695cbb87c9734f3a4bf7d4cc
0f795e11fe7833c1dbe5c9f2f4aba409fa6acab6e408def8a4543cf6d6a825be
583dd77ec5f198782e75d7c7286fabb741051c88e32b862dfad56f9b2f46bf0d
e78db46391cadbbffb7825a2144ca2c8cbbf8afedf91b9d3575d48eede2b9cce
7080315530bc6d7ead65034c1587e4596d9dbf0fc17107fbb28f84bf016009f9
deb410973549a5ec310fe689d56d44952df151506278c66a07bcf07a41b4898a
19b95be1b0c890804845c8c6e19cef972c89bfc8156201c3490f047ebfc42ed4
3bfb18b65c870e3c012f8d38fa70ea7441d6b09530e5f77d837d636c0e2abd0d
e7de0f165f8c5b38c60cf57edf5277ce09ea31bf46aa31f1b6bdc011a5e248e3
b3bc74c1f3673da08a95775af5f39dd116a249d8a7e597fcd8bb56e07ae3bcd2
6aa1329fc1a0a21844c1f75d779154833278f42adb7d7c3a8d760ad465951d07
967143d314abcb1ad4cab1133dc0b296ae38580511b9cd412fdf3a7c282160e9
473b2f6c5dd078673de5cdf099c1c983a826537d0a6cca0e35f79af7eee471a0
fc7cb61d2d3af49d228b2aa554255b5c0401090684cf4336485499af4b6ae2bb
c6dae6493723d83bbbad1d1c66384aea85bc0664ca2bb6f796a6ce02b7a85a33

SH256 hash:

e78db46391cadbbffb7825a2144ca2c8cbbf8afedf91b9d3575d48eede2b9cce

MD5 hash:

c245a63c4915e6f000c0ee0dd314ccbd

SHA1 hash:

d3690c2fd68aa9c289ff1c4bc303615888a45928

Link:

https://www.unpac.me/results/6134014d-5aa2-4b81-8715-8125f6d116e1/

Malware family:

Remcos

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/e78db46391ca/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/e78db46391cadbbffb7825a2144ca2c8cbbf8afedf91b9d3575d48eede2b9cce

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

exe e78db46391cadbbffb7825a2144ca2c8cbbf8afedf91b9d3575d48eede2b9cce

(this sample)

Delivery method

Distributed via e-mail attachment

Cape

Cape

https://www.capesandbox.com/analysis/199176/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample