MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5dea44a2d2fc0b39ac006a205011b1fe30ef15ad69536f263ced6423a8280a1d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	5dea44a2d2fc0b39ac006a205011b1fe30ef15ad69536f263ced6423a8280a1d
SHA3-384 hash:	8301d07acc6a5ac521b73ca2b25e5e2ea7752b99785c1ee1abeeeee4e270da58e275fe88c5f55ec86d5191e5504e3972
SHA1 hash:	fd9b027bfe68b35d36980d007b841b9695ed438b
MD5 hash:	3f4baaac413d0906693b1b51583edfe5
humanhash:	fourteen-uranus-berlin-alabama
File name:	5dea44a2d2fc0b39ac006a205011b1fe30ef15ad69536f263ced6423a8280a1d
Download:	download sample
File size:	5'807'241 bytes
First seen:	2020-07-06 06:35:38 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	676f4bc1db7fb9f072b157186a10179e (1'400 x AveMariaRAT, 37 x Riskware.Generic, 2 x njrat)
ssdeep	49152:ATU7AAmw4gxeOw46fUbNecCCFbNecjF6mw4gxeOw46fUbNecCCFbNecE:ATU7d9xZw46G8q8m69xZw46G8q8R
Threatray	2'095 similar samples on MalwareBazaar
TLSH	3C46BFD7B62A409BE527E876B00F672152D8BD3C9300A75F6B393F5684E36C9D182B43
Reporter	JAMESWT_WT

Intelligence

File Origin

# of uploads :

1

# of downloads :

56

Origin country :

n/a

Vendor Threat Intelligence

Detection:

WarzoneRAT

Link:

https://www.capesandbox.com/analysis/20835/

Result

Verdict:

Malware

Maliciousness:

Behaviour

Running batch commands

Creating a process with a hidden window

Forced system process termination

Creating a window

Creating a file in the %temp% directory

Creating a file

Launching a process

Creating a file in the Windows subdirectories

Enabling the 'hidden' option for recently created files

Creating a process from a recently created file

Unauthorized injection to a recently created process

Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch

Creating a file in the mass storage device

Unauthorized injection to a recently created process by context flags manipulation

Enabling autorun with Startup directory

Unauthorized injection to a system process

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/5dea44a2d2fc0b39ac006a205011b1fe30ef15ad69536f263ced6423a8280a1d/

Threat name:

Win32.Spyware.AveMaria

Status:

Malicious

First seen:

2020-06-24 00:39:21 UTC

File Type:

PE (Exe)

Extracted files:

28

AV detection:

29 of 31 (93.55%)

Threat level:

2/5

Verdict:

malicious

Similar samples:

2514f7c0a5815b1208a348e078fe32cdff4e00bb7bf0298f7e8ad85312ec76da

2cbfb5b5238c10c431fa755298761b8800c34ee953d3e1363e6c61c53830ebcc

3256ac570d3e4b38c32f001c3b38d4472bb812b0dca18a989d9c55121b4ad190

38e2690197334544b58b618112741d94655df46a67efe8abf1c9287bae4e8837

5cb853a95efb63587a4a7565020f6f36a9f7bf6fd2746c5795a06d49b245a666

62d78395696e2c85de61f3bae5cd895eb3919e41ba7e18b6381886280f26efbf

6e0c57860fd63458bbcd929909d9001354d8ff470c66734cba7eaec86c00d446

a54b5b4111c81f54e792a33bfb2c90e39760b2b7e9e86e3848d57c074e3b7435

bb10d53967d703dd945777d9b9b38e03bd3c90fa77e68e7082678a9b02b40235

bd52404743f2914218a89eb081442ab810148fc27b95f799036d5d6767a3f5db

+ 2'085 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://tria.ge/reports/200706-a6hxjkzcan/

Behaviour

UPX packed file

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/20835/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample