MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eed41a2c1215d2ca0ef2022172504a565b7a968e6263e173fceb6f1b1747d795. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: eed41a2c1215d2ca0ef2022172504a565b7a968e6263e173fceb6f1b1747d795
SHA3-384 hash: 00bd970435e7e23871279c6ba14ed0542600a15725f779cc63d7a0b4c35e8eb099be48b349e841e60976553dbdcdb6f5
SHA1 hash: 6f0393f874f92203b2b3062e7e87e662f177991e
MD5 hash: 733a7f93f0de9697979a11b6dae96b50
humanhash: beer-triple-oxygen-kilo
File name:qs.exe
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:418'816 bytes
First seen:2020-04-13 16:31:21 UTC
Last seen:2020-04-13 17:48:55 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 6144:/kckgNFkBtDS1Kpsr/ZED/we/mOkzSCX7k3T/Uw+Jn9F/nNEPggIHZvz9QJ6c:/sg0vDSK/DXBkzSK6mJn9FVEPggOLM6
Threatray 218 similar samples on MalwareBazaar
TLSH 3C947D123BC68E98F9E209BE4E09D4125A9DBC945A46B33F748FB65D3E3136580B07DC
Reporter James_inthe_box
Tags:exe RemcosRAT

Intelligence

File Origin
# of uploads :
2
# of downloads :
92
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Remcos
Create hunting rule
Link:
https://www.capesandbox.com/analysis/1155/
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VKQ.3175.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-13 16:31:00 UTC
File Type:
PE (.Net Exe)
Extracted files:
2
AV detection:
24 of 31 (77.42%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=53kbulascxjmudxsaiqxeuckkznxvfuomjr6c4745nxrwf2h26kq._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
123765ca93c6c71f123934f0a1ea08487449d2bfab58f47f9c0a2d4cc645021b
RemcosRAT
1cc84d3c06c9a283218310ac6d69e7161fd7605339b78035747c6f51021475ff
RemcosRAT
2149d167c87cf15f48aa1852adcf96c9a62287a26496ff33892ecc67500d3be2
RemcosRAT
55bca504c5ff798d6c5d4431eff4dda8df6ebfca0db4d86b0f1bf770ff550a0f
RemcosRAT
6ea011e6a1836355936582525e455b151057c89b7f1780ab52c6f5c4cb19ddad
RemcosRAT
8247e9152d0b43ffa80b4c82843bb0903043841c8b9c855ff312461f6443faf4
RemcosRAT
8e395f386862d95d1a2837a56ffac8ec6a8dacd3e61fac1912f1960ada8c5abd
RemcosRAT
9b915d2e5f70b859d8c2eafc94bd593d3e53255444a5b4b651dfb9c2523d83d7
RemcosRAT
a14dc3eb54f3876b3a2bfc6e0aa105c832fc5424130c43248995cceda6790133
RemcosRAT
c2c89da1518a4950cedec3129aa86fce21ccec502586e44a7f3b3757b44a1e1c
RemcosRAT
+ 208 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
  
URLhaus
https://urlhaus.abuse.ch/url/339582/
Cape
Cape
https://www.capesandbox.com/analysis/1155/
Cape
Cape
https://www.capesandbox.com/analysis/1154/
Cape
Cape
https://www.capesandbox.com/analysis/1153/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments