MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f0ec11682e4e2db15721b4e463d55fbf99ef399b9c635628133fa4f09bf5f3c0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemusStealer


Vendor detections: 13


Intelligence 13 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f0ec11682e4e2db15721b4e463d55fbf99ef399b9c635628133fa4f09bf5f3c0
SHA3-384 hash: 99982baf9bb3cfff9b3515fae62a1923cfc0a5880ce8ed42108b5d70497a571a6b868cb80ce26352625abb029a1604fb
SHA1 hash: 98af54e1beeb43da6640a165b2d2a9d26681ea6d
MD5 hash: 2e229a8920f6a83433760f315eb373fa
humanhash: network-kentucky-golf-charlie
File name:f0ec11682e4e2db15721b4e463d55fbf99ef399b9c635628133fa4f09bf5f3c0
Download: download sample
Signature RemusStealer
Create hunting rule
File size:204'800 bytes
First seen:2026-06-05 06:51:17 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c81db0a320cdad5ab41c9a291ea9b6e9 (13 x RemusStealer, 11 x Smoke Loader)
ssdeep 6144:mpFJxVbqzn7nZsdAzjOj2lvF8EIuGVoyqYY:mtxVbqYQlvFE
Threatray 28 similar samples on MalwareBazaar
TLSH T12C14386BD25371FCE553C07882667231B732B63907346EF742A2D334AE329D06E78969
TrID 51.9% (.EXE) Win64 Executable (generic) (6522/11/2)
16.1% (.EXE) OS/2 Executable (generic) (2029/13)
15.9% (.EXE) Generic Win/DOS Executable (2002/3)
15.9% (.EXE) DOS Executable (generic) (2000/1)
Magika pebin
Reporter JAMESWT_WT
Tags:Click-Hijacking-TDS exe RemusStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
122
Origin country :
IT IT
Vendor Threat Intelligence
No detections
Malware family:
n/a
ID:
1
File name:
_f0ec11682e4e2db15721b4e463d55fbf99ef399b9c635628133fa4f09bf5f3c0.exe
Verdict:
No threats detected
Analysis date:
2026-06-05 07:12:12 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/6384c5c6-b4c8-4725-89f7-c49cc20f252f

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/69125/
Detection(s):
SecuriteInfo.com.Trojan.PWS.Spy.21863.20473.8124.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
92.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6a227202f8676ad4d361448b
Tags:
virus
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
adaptive-context
Link:
https://www.filescan.io/uploads/6a2271f40ca835b0c2c7c97c/reports/23424793-4c00-418d-b8d2-d5c37b86f977/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/f0ec11682e4e2db15721b4e463d55fbf99ef399b9c635628133fa4f09bf5f3c0
Verdict:
Clean
File Type:
exe x64
First seen:
2026-02-23T00:07:00Z UTC
Last seen:
2026-02-24T00:52:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/f0ec11682e4e2db15721b4e463d55fbf99ef399b9c635628133fa4f09bf5f3c0/results?tab=lookup
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/852284a4-b4c8-4fbc-b014-ba2ed7e07f21
Score:
97%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/f0ec11682e4e2db15721b4e463d55fbf99ef399b9c635628133fa4f09bf5f3c0
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f0ec11682e4e2db15721b4e463d55fbf99ef399b9c635628133fa4f09bf5f3c0/
Verdict:
Malicious
Threat:
Family.REMUSSTEALER
Link:
https://tip.neiki.dev/file/f0ec11682e4e2db15721b4e463d55fbf99ef399b9c635628133fa4f09bf5f3c0
Threat name:
Win64.Trojan.Lazy
Create hunting rule
Status:
Malicious
First seen:
2026-02-24 02:10:15 UTC
File Type:
PE+ (Exe)
AV detection:
25 of 36 (69.44%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6dwbc2bojyw3cvzbwtsghvk7x6m66om3trrvmkath6spbg7v6paa._file
Verdict:
malicious
Label(s):
remus
Create hunting rule
Similar samples:
636aaf7ca40f9e0afc947f9a0f380a1457402afa9f7c968a9a70661b2b489231
RemusStealer
88b9d60764305345d87dee588611de9e9c5bfdbb46d04af61d329112000b098c
RemusStealer
8af75100ed69758e4da91255e0fae90f4ac40db2d1cfe52b9ea90c637ea30a82
RemusStealer
95aa6cb8d1070d033da84cfcfa136ef46a0c6d7192ee06458707a28a7c1c94a9
RemusStealer
a0c1657e74f2f773936a87663bc9b5b2509451066e26ead3c4ce33009b8c6269
RemusStealer
a64e4bbea5983eefb772b8b467504f6242c913e98a8c7fa9a6fd6e4b9a3631de
RemusStealer
b93484fd64dee8ad3b45ddddcb58e54efaf751f33a12c8807f8d0765e8237337
RemusStealer
df439619042ff7816aecc863f5f7e7bc5f317fd53f2c2a16cfb3b058e2bb4160
RemusStealer
error
RemusStealer
+ 18 additional samples on MalwareBazaar
Result
Malware family:
remus_stealer
Create hunting rule
Score:
  10/10
Tags:
family:remus_stealer stealer
Link:
https://tria.ge/reports/260605-hmqrssc19k/
Unpacked files
SH256 hash:
f0ec11682e4e2db15721b4e463d55fbf99ef399b9c635628133fa4f09bf5f3c0
MD5 hash:
2e229a8920f6a83433760f315eb373fa
SHA1 hash:
98af54e1beeb43da6640a165b2d2a9d26681ea6d
Link:
https://www.unpac.me/results/d1b11c24-ef0f-4666-9b57-5f7598cdf8b0/
Malware family:
RemusLogger
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/f0ec11682e4e/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f0ec11682e4e2db15721b4e463d55fbf99ef399b9c635628133fa4f09bf5f3c0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/69125/

Comments