MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 07c550d81a89943f6d836816d7ab56678cecba4450ec4de144e53e913302b1a9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AveMariaRAT


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 07c550d81a89943f6d836816d7ab56678cecba4450ec4de144e53e913302b1a9
SHA3-384 hash: b5430f6a0875eb9c43850b57196eb8434eb758def760467a0f0617b35fc14a182eb39b3cd1522c4ff818177d1500684c
SHA1 hash: a30ba597e864c2608fed194eaee55c5b61e06ab9
MD5 hash: c6679c57ac9c0d78239baee102b76271
humanhash: king-texas-missouri-coffee
File name:Guqcufv_Signed_.exe
Download: download sample
Signature AveMariaRAT
Create hunting rule
File size:1'204'392 bytes
First seen:2020-07-13 12:01:30 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash bfece282ee8fe6d99308046cce6d3bd3 (3 x RemcosRAT, 2 x FormBook, 2 x AveMariaRAT)
ssdeep 24576:bEWNeUebPnGhlh40zI+N//y8QMvMMl8XZf1CDRX1/4LsD+zVxuTB1:wXVnx3O8ouLsD7r
Threatray 631 similar samples on MalwareBazaar
TLSH 1E45AF72B1E11AF6C113093D7D1EB2A95A27FE511FAAEE826FF51D0C8D66142383418F
Reporter abuse_ch
Tags:AveMariaRAT exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: smtp109.iad3a.emailsrvr.com
Sending IP: 173.203.187.109
From: Fixauto Inc <dave.schlemko@fixauto.com>
Reply-To: dave.schlemo@fixauto.com
Subject: For Your Kind Attention (Order ID: GUQCFV)
Attachment: Guqcufv_Signed_.img (contains "Guqcufv_Signed_.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/25298/
Detection(s):
SecuriteInfo.com.Gen.NN.ZelphiCO.34134.jLY@aW2rikci.16333.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
DNS request
Sending a custom TCP request
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/07c550d81a89943f6d836816d7ab56678cecba4450ec4de144e53e913302b1a9/
Threat name:
Win32.Trojan.Delf
Create hunting rule
Status:
Malicious
First seen:
2020-07-13 12:03:06 UTC
AV detection:
23 of 28 (82.14%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=a7cvbwa2rgkd63mdnalnpk2wm6gozosekdwe3yke4u7jcmycwguq._file
Verdict:
malicious
Label(s):
avemaria
Create hunting rule
Similar samples:
220d9dee8512451f79c4ea016e9ed065ca3f378f3f1b29531cee3c686a100cce
AveMariaRAT
4159a61a7c0571bee10a33f8d05ef51de606960476f66a00efcced87680be615
AveMariaRAT
57f4246d683336ab606ba5831ce88a0ff47a42de652f72795fe76169195821e1
AveMariaRAT
60d7b2ab0fb53d37576c2edd50231cc82e87d0c0cee85afddac247cb795164c3
AveMariaRAT
90d5792fd0a2ab859f120bef8f12a28c8f7e4119a43054c22db57e76c7b386a0
AveMariaRAT
b2ebc0f8c302a04961b8c2ed0673384050e5932a370be062788b7630bf188123
AveMariaRAT
b44646b530b067dadca8a6b31582efa9b9738c068a209af3b1bb4d403bd574fc
AveMariaRAT
b58c0db88d6026043bc0db1b5072cd2be7b0ceabf750a9d7275794d69fc04fe1
AveMariaRAT
bfea5a7839b0a45d3e0074b6e3882ada8f6aa913cf7e0d08ba290a49af855596
AveMariaRAT
fd5a7b200d38d962d9dc74639994bb1ecf989ecc189a5c2d06bc5196120f4ea5
AveMariaRAT
+ 621 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence spyware
Link:
https://tria.ge/reports/200713-xawhjvjy92/
Behaviour
Modifies registry key
Script User-Agent
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run entry to start application
Reads user/profile data of web browsers
Loads dropped DLL
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AveMariaRAT

img 1bb377e6413d2aba9a88cea30057245d46780b96fa5c79d3b0333dd6306d7722

AveMariaRAT

Executable exe 07c550d81a89943f6d836816d7ab56678cecba4450ec4de144e53e913302b1a9

(this sample)

  
Dropped by
MD5 247b71730c16aaccf778a10420ad39de
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/25298/
  
Dropped by
SHA256 1bb377e6413d2aba9a88cea30057245d46780b96fa5c79d3b0333dd6306d7722

Comments