MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fb91de5a3ce80ac51fded1719dc72c6c71acadc65ada3262e7bc74dac41cd65a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BruteRatel


Vendor detections: 9


Intelligence 9 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fb91de5a3ce80ac51fded1719dc72c6c71acadc65ada3262e7bc74dac41cd65a
SHA3-384 hash: e52d23383b3b60c0bd819238f0d9243562906d832b67ec3abf9a5b4a6d739532fd4ca7b8d89b4d534a4ed05e0a18719d
SHA1 hash: 4e8466ed384dec05aa8f524eab12aa5b723ae919
MD5 hash: 04f1eb0ebaf71f827da7b1c4656960ad
humanhash: william-lithium-iowa-october
File name:remote2.exe
Download: download sample
Signature BruteRatel
Create hunting rule
File size:7'797'127 bytes
First seen:2026-02-28 20:56:22 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ad1a33bd97238a4adf5548ab2780abe1 (1 x BruteRatel)
ssdeep 196608:g6T3C4LnVV1KlHGL+av/BeK59dnR1T8cbs3noJo:DTS4Lb1KlHc+av/Bem9/1YcoYJ
Threatray 1 similar samples on MalwareBazaar
TLSH T1D276337677C06CB2F19C1A39CCDA7E566632FAA09D55582FF0ACEDC76E1A000905C6E3
TrID 93.8% (.EXE) Win32 Executable Borland Delphi 7 (664796/42/58)
2.0% (.EXE) Win32 Executable Delphi generic (14182/79/4)
1.4% (.EXE) DOS Borland compiled Executable (generic) (10000/1/2)
0.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
0.6% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika pebin
Reporter juroots
Tags:BruteRatel exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
131
Origin country :
US US
Vendor Threat Intelligence
No detections
Malware family:
n/a
ID:
1
File name:
remote2.exe
Verdict:
No threats detected
Analysis date:
2026-02-28 12:19:20 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/581e4383-a52e-4697-b3f9-eb584a17dab1

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/55040/
Verdict:
Malicious
Score:
93.3%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69a2dd438fffa866e3b34701
Tags:
injection extens virus
Verdict:
Malicious
Labled as:
Trojan.Downloader.oa
Link:
https://www.hybrid-analysis.com/sample/fb91de5a3ce80ac51fded1719dc72c6c71acadc65ada3262e7bc74dac41cd65a
Result
Gathering data
Verdict:
Clean
File Type:
exe x32
Link:
https://opentip.kaspersky.com/fb91de5a3ce80ac51fded1719dc72c6c71acadc65ada3262e7bc74dac41cd65a/results?tab=lookup
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/d4365c7a-c999-4daa-bf9d-7cb5b4525aaa
Score:
56%
Verdict:
Susipicious
File Type:
PE
Link:
https://malprob.io/report/fb91de5a3ce80ac51fded1719dc72c6c71acadc65ada3262e7bc74dac41cd65a
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fb91de5a3ce80ac51fded1719dc72c6c71acadc65ada3262e7bc74dac41cd65a/
Verdict:
Malicious
Threat:
Family.BRUTERATEL
Link:
https://tip.neiki.dev/file/fb91de5a3ce80ac51fded1719dc72c6c71acadc65ada3262e7bc74dac41cd65a
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7oi54wr45afmkh662fyz3rzmnry2zlogllndeyxhxr2nvra42zna._file
Verdict:
suspicious
Label(s):
infy
Create hunting rule
Similar samples:
error
BruteRatel
fb91de5a3ce80ac51fded1719dc72c6c71acadc65ada3262e7bc74dac41cd65a
BruteRatel
Result
Malware family:
bruteratel
Create hunting rule
Score:
  10/10
Tags:
family:bruteratel backdoor discovery
Link:
https://tria.ge/reports/260228-zrswdsgw2a/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Drops file in Program Files directory
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Brute Ratel C4
Bruteratel family
Detect BruteRatel badger
Unpacked files
SH256 hash:
fb91de5a3ce80ac51fded1719dc72c6c71acadc65ada3262e7bc74dac41cd65a
MD5 hash:
04f1eb0ebaf71f827da7b1c4656960ad
SHA1 hash:
4e8466ed384dec05aa8f524eab12aa5b723ae919
Link:
https://www.unpac.me/results/ce5ed7a3-e6e6-48e2-bfe0-d1338e1fe644/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fb91de5a3ce80ac51fded1719dc72c6c71acadc65ada3262e7bc74dac41cd65a

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Borland
Create hunting rule
Author:malware-lu
Rule name:FreddyBearDropper
Create hunting rule
Author:Dwarozh Hoshiar
Description:Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
Rule name:pe_detect_tls_callbacks
Create hunting rule

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

BruteRatel

Executable exe fb91de5a3ce80ac51fded1719dc72c6c71acadc65ada3262e7bc74dac41cd65a

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/55040/
  
URLhaus
https://urlhaus.abuse.ch/url/3787944/
  
Delivery method
Distributed via web download

Comments