MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fa885ac71348f4849359baf40fad7e039d4112e6fdf5a269a3686bab89379dad. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RemcosRAT


Vendor detections: 3



SHA256 hash: fa885ac71348f4849359baf40fad7e039d4112e6fdf5a269a3686bab89379dad
SHA3-384 hash: be02ff3a8be0b0593446317eca73873df4fda0c5d9ec2493cb68fda327a10fe7665e64d23db394f7a44c10471a7619cb
SHA1 hash: f4a3b9e717b686c2ed486178f811c0326b61a18f
MD5 hash: 81a1fad50e5a9626d5c980bb1b0dbc4b
humanhash: shade-hawaii-venus-maryland
File name: PhoenixMiner_5.4d_Windows.zip
Signature: RemcosRAT
File size: 8'124'318 bytes
First seen: 2020-12-23 22:34:14 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 196608:QXv5KALW6Nc04cb3084q16G5fKfiI57mtTXhN8xAGwVUWDJg08kSc:aVL7Nb4ak8l1R5CqIdmNXhGwV9Mw
TLSH: FF86334B4DABD631EB7F72B5E23F5623A58F21DA45E320C3536E4050E7284C74E2A4A7
Reporter: o2genum
Tags: exe RemcosRAT


o2genum
Fake PhoenixMiner version distributed by bots in the bitcointalk.com thread.

Intelligence


File Origin
# of uploads: 1
# of downloads: 835
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: 8
Threat name: Win32.Trojan.Miner
Status: Malicious
First seen: 2020-12-23 22:35:06 UTC
AV detection: 4 of 48 (8.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RemcosRAT: zip fa885ac71348f4849359baf40fad7e039d4112e6fdf5a269a3686bab89379dad (this sample)

Delivery method: Distributed via web download

Comments