MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fea17b67e04a88bf2262041ef052514f2bbaf0d059c503736d3fb7058835ae19. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RemcosRAT


Vendor detections: 10


Intelligence 10 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fea17b67e04a88bf2262041ef052514f2bbaf0d059c503736d3fb7058835ae19
SHA3-384 hash: 2949e50dff9406e6663981d8fc9b7638752ff7f2ec64efd6987d99eadfeafd8cc97ba458b1d022db15bf18962a79d913
SHA1 hash: 485781603dde7f8860b7df8d85b4c5cacd8d84f3
MD5 hash: a0091ca4dc4c18c7f425fc0ae6823787
humanhash: thirteen-undress-high-vegan
File name:Product Details & Photos_PDF.bat
Download: download sample
Signature RemcosRAT
Create hunting rule
File size:671'809 bytes
First seen:2025-09-16 09:22:41 UTC
Last seen:Never
File type:Batch (bat) bat
MIME type:text/plain
ssdeep 12288:B0Ycw1QqtdY5T7WAZvr/Z4916/Nn52n8ocBADrOZM:B6OhYg49490ji
Threatray 39 similar samples on MalwareBazaar
TLSH T157E412290FE63EAE97D4C52D20CD9EDA017D1B9C01C114AA720BBDC4CE99E2B45F56F8
Magika txt
Reporter lowmal3
Tags:bat RemcosRAT

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
DE DE
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Product Details & Photos_PDF.bat
Verdict:
No threats detected
Analysis date:
2025-09-16 09:25:54 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/b8d15dd6-a677-4670-b035-4c458875f15d

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/27708/
Verdict:
Clean
Score:
84.2%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68c92c93d49ea3f1e4b65a91
Tags:
n/a
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
base64 cmd evasive lolbin masquerade obfuscated powershell timeout
Link:
https://www.filescan.io/uploads/68c92c8a0d1238ff0aacd033/reports/4296130d-5f94-469c-a867-c9062f67cde9/overview
Verdict:
Suspicious
Link:
https://www.hybrid-analysis.com/sample/fea17b67e04a88bf2262041ef052514f2bbaf0d059c503736d3fb7058835ae19
Verdict:
Malicious
File Type:
unix shell
First seen:
2025-09-16T05:20:00Z UTC
Last seen:
2025-09-16T05:20:00Z UTC
Hits:
~100
Detections:
HEUR:Trojan.BAT.Obfus.gen
Link:
https://opentip.kaspersky.com/fea17b67e04a88bf2262041ef052514f2bbaf0d059c503736d3fb7058835ae19/results?tab=lookup
Result
Threat name:
n/a
Detection:
clean
Classification:
n/a
Score:
2 / 100
Link:
https://www.joesandbox.com/analysis/1778382
Behaviour
Behavior Graph:
n/a
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/fea17b67e04a88bf2262041ef052514f2bbaf0d059c503736d3fb7058835ae19
Detection:
remcos
Create hunting rule
Link:
https://mwdb.cert.pl/sample/fea17b67e04a88bf2262041ef052514f2bbaf0d059c503736d3fb7058835ae19/
Verdict:
Malicious
Threat:
Family.REMCOS
Link:
https://tip.neiki.dev/file/fea17b67e04a88bf2262041ef052514f2bbaf0d059c503736d3fb7058835ae19
Threat name:
Script-BAT.Packed.Generic
Create hunting rule
Status:
Suspicious
First seen:
2025-09-16 09:23:36 UTC
File Type:
Text
AV detection:
6 of 24 (25.00%)
Threat level:
  1/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=72qxwz7ajkel6itcaqppausrj4v3v4gqlhcqg43nh63qlcbvvymq._file
Verdict:
malicious
Label(s):
remcos
Create hunting rule
Similar samples:
0660741f7d4b1e5d29d281abbbcdda47eed2cd899227f2b787dc89e5b628cb82
RemcosRAT
0cd503ae4803c5e2386e0377ff9a301b00f37e11dd9f14083d47877637672070
RemcosRAT
7776dd6eb20f3e1d9cdb52292e61867e97e8a05ffe6bec81ed742e641c1b60c6
RemcosRAT
79dfa99cd001588c4be3821d77f316e88ceedba8aecc8f8dd5dc6f32bd3103e2
RemcosRAT
879ebda15ee112aeb9ab2af26cf2cd59967cd64ced4fdafc3e571caf100ea5f9
RemcosRAT
8c4f9dc690e926dcd3297abaceab93175e866ed2423efc64aa325539ae401803
RemcosRAT
c6499501e5e06658bb2353d8624de75952f86b0b44bb64ec0966ee1e8d97a7bf
RemcosRAT
cc7b56a4bd2ce38278456412fe5b31cf7b742fd23e807b5109617631592fc9c5
RemcosRAT
error
RemcosRAT
+ 29 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/250916-lcpnjaap31/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fea17b67e04a88bf2262041ef052514f2bbaf0d059c503736d3fb7058835ae19

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Base64_Encoded_Powershell_Directives
Create hunting rule
Rule name:botnet_plaintext_c2
Create hunting rule
Author:cip
Description:Attempts to match at least some of the strings used in some botnet variants which use plaintext communication protocols.
Rule name:Sus_CMD_Powershell_Usage
Create hunting rule
Author:XiAnzheng
Description:May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

Batch (bat) bat fea17b67e04a88bf2262041ef052514f2bbaf0d059c503736d3fb7058835ae19

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/27708/

Comments