MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fb8aef0f4faaf86fed3ed65eb84b8a1a5b3a50605e5f4e6f341de33e898d3775. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	fb8aef0f4faaf86fed3ed65eb84b8a1a5b3a50605e5f4e6f341de33e898d3775
SHA3-384 hash:	e70f82a57d7c8771521d48b1f1823612a983fb9f8495ddce76427e6fda67e2e84b584dc213fb8b73b9c1861b4ebedff9
SHA1 hash:	e955361051e157bbc9c48840f071b52bee3a9e5c
MD5 hash:	0db8d65654edb74ae9a691e8ad95f632
humanhash:	twenty-east-kilo-potato
File name:	fb8aef0f4faaf86fed3ed65eb84b8a1a5b3a50605e5f4e6f341de33e898d3775
Download:	download sample
File size:	5'613'194 bytes
First seen:	2020-07-06 06:35:44 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	6bac3cfe8acb6c6c4a30aaa022de2388 (308 x AveMariaRAT, 7 x njrat, 7 x Skeeeyah)
ssdeep	49152:fF6mw4gxeOw46fUbNecCCFbNecLF6mw4gxeOw46fUbNecCCFbNecr:969xZw46G8q8K69xZw46G8q8w
Threatray	1'654 similar samples on MalwareBazaar
TLSH	E5469EC0797E4887E9335672610F9A119988FC3E8780EBA76F377D4685CB182E58734B
Reporter	JAMESWT_WT

Intelligence

File Origin

# of uploads :

1

# of downloads :

64

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/20836/

Detection(s):

PUA.Win.Packer.Upx-48

PUA.Win.Packer.Upolyx-12

PUA.Win.Packer.Upx-4

PUA.Win.Packer.Asprotect-3

Win.Malware.Ursu-6793772-0

Win.Malware.Ursu-6914170-0

Win.Malware.Ursu-6914171-0

Win.Malware.Poison-6986144-0

Win.Malware.Razy-7056533-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a process from a recently created file

Running batch commands

Creating a process with a hidden window

Forced system process termination

Creating a window

Creating a file in the %temp% directory

Creating a file

Launching a process

Creating a file in the Windows subdirectories

Enabling the 'hidden' option for recently created files

Unauthorized injection to a recently created process

Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch

Creating a file in the mass storage device

Unauthorized injection to a recently created process by context flags manipulation

Enabling autorun with Startup directory

Unauthorized injection to a system process

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/fb8aef0f4faaf86fed3ed65eb84b8a1a5b3a50605e5f4e6f341de33e898d3775/

Threat name:

Win32.Spyware.AveMaria

Status:

Malicious

First seen:

2020-06-24 00:37:47 UTC

File Type:

PE (Exe)

Extracted files:

31

AV detection:

25 of 27 (92.59%)

Threat level:

2/5

Verdict:

malicious

Similar samples:

121d2d6690530e93ca3953ec815f19ecfd771f8a6c56196d56bf458049b80231

18c811674f81bc4d798c203000a23bdd374361cadea2229a16672fb3888a2a2c

2cbfb5b5238c10c431fa755298761b8800c34ee953d3e1363e6c61c53830ebcc

38e2690197334544b58b618112741d94655df46a67efe8abf1c9287bae4e8837

4567d8265b3dec803dfa668da8045b70df22802447b48f385fc4eab009648c4c

55461b9a911c4a9fb7de66db5a891b859755f5cab7cde452c2e43f68822fda5a

5cb853a95efb63587a4a7565020f6f36a9f7bf6fd2746c5795a06d49b245a666

62d78395696e2c85de61f3bae5cd895eb3919e41ba7e18b6381886280f26efbf

a54b5b4111c81f54e792a33bfb2c90e39760b2b7e9e86e3848d57c074e3b7435

bb10d53967d703dd945777d9b9b38e03bd3c90fa77e68e7082678a9b02b40235

+ 1'644 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://tria.ge/reports/200706-vs29tx3sln/

Behaviour

UPX packed file

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/20836/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample