MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7f95fc08dcdbe713e3a41b5b5d72763b4b3a4c608a1766596c8d055b12b2ee27. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 7f95fc08dcdbe713e3a41b5b5d72763b4b3a4c608a1766596c8d055b12b2ee27
SHA3-384 hash: 767faf362e460c71fde3275bb978946bc454b494eaf2e80ebe8cf51f66466a30ed2aab712a7c08cdadef4cfe30776445
SHA1 hash: 85126e8fb370ef42dbb332a9c36c642fcbc33fa6
MD5 hash: 2e92dba95a496052c4167d37af927bd5
humanhash: victor-ink-zulu-summer
File name: 7f95fc08dcdbe713e3a41b5b5d72763b4b3a4c608a1766596c8d055b12b2ee27
File size: 1'856'441 bytes
First seen: 2020-06-16 09:28:46 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 7be4c98eebb39d282cdffc1cea8fb470 (661 x AveMariaRAT, 29 x Riskware.Generic)
ssdeep: 12288:Q99Vbpgx4OuE+aCpBPY0PkI686WNUfWO6yuXzT5SPlSG9dA7W2FeDSIGVH/KIDgB:k1gg4CppEI6GGfWDkMQDbGV6eH8tkK
Threatray: 818 similar samples on MalwareBazaar
TLSH: 13859E6177620C27D2532970FD0FC270B855BD9D1358669F2BBABE0C6BEB781305628B
Reporter: JAMESWT_WT

Intelligence


File Origin
# of uploads: 1
# of downloads: 60
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Spyware.AveMaria
Status: Malicious
First seen: 2020-06-04 23:56:50 UTC
File Type: PE (Exe)
Extracted files: 63
AV detection: 26 of 28 (92.86%)
Threat level: 2/5
Result
Malware family: n/a
Score: 10/10
Tags: persistence
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Drops file in Windows directory
Suspicious use of SetThreadContext
Adds Run entry to start application
Loads dropped DLL
Modifies Installed Components in the registry
Modifies the visibility of hidden or system files
Executes dropped EXE
Modifies WinLogon for persistence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
