MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 15c47465b9a70a7c9d29c824fa5e74ff03e252f9e8083a1ff704f531b2b9a773. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 15c47465b9a70a7c9d29c824fa5e74ff03e252f9e8083a1ff704f531b2b9a773
SHA3-384 hash: 741ff78d75cc8525ca006af2820e39506b3152c8ddacb4c41ad537bca25dee97db6e841958398f0d5211e9d9ca010ebc
SHA1 hash: d1b11120496a4fd985d1141479255723c0ca57d3
MD5 hash: a19d4a614e86ff54a8163e572610c680
humanhash: oscar-lemon-mobile-uranus
File name: 15c47465b9a70a7c9d29c824fa5e74ff03e252f9e8083a1ff704f531b2b9a773
Signature: AveMariaRAT
File size: 260'480 bytes
First seen: 2020-06-29 07:29:27 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 3072:AK7e6eq20s4hvkXSCJdQl//PrKt5KaUEeCJE1OAMTzA6QZki5l7AmMjkVlSR:AKS/0XhvOhJdMjuGfAEwjQSi5zLHQ
TLSH: 9E44BF277298AF03CBAF15FF8081514443B1A55E7383F3CA5CD254E926D67D31AA2E8B
Reporter: @JAMESWT_MHT
Tags: AveMariaRAT

Intelligence


File Origin
# of uploads: 1
# of downloads: 20
Origin country: IT

Mail intelligence
No data

Vendor Threat Intelligence
Detection: WarzoneRAT
Threat name: ByteCode-MSIL.Backdoor.NanoCore
Status: Malicious
First seen: 2020-06-25 05:05:00 UTC
AV detection: 29 of 31 (93.55%)
Threat level: 5/5

Result
Malware family: n/a
Score: 5/10
Tags: n/a

Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetThreadContext

Yara Signatures


Rule name: Cobalt_functions
Author: @j0sm1
Description: Detect functions coded with ROR edi,D; Detect CobaltStrike used by differents groups APT

Rule name: Codoso_Gh0st_1
Author: Florian Roth
Description: Detects Codoso APT Gh0st Malware
Reference: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks

Rule name: Codoso_Gh0st_2
Author: Florian Roth
Description: Detects Codoso APT Gh0st Malware
Reference: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks

Rule name: MAL_Envrial_Jan18_1
Author: Florian Roth
Description: Detects Encrial credential stealer malware
Reference: https://twitter.com/malwrhunterteam/status/953313514629853184

Rule name: win_ave_maria_auto
Author: Felix Bilstein - yara-signator at cocacoding dot com
Description: autogenerated rule brought to you by yara-signator

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments