MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6c96db90cd78677068e97201eb26c5b0c8a558cd8b8c25607ae181c7a009f10c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AveMariaRAT


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6c96db90cd78677068e97201eb26c5b0c8a558cd8b8c25607ae181c7a009f10c
SHA3-384 hash: 0cee1b79c39ed9888ff672f35759818f217deb726a051e8fcd72b6ae2df30521678d6c2441a26e1901976a385954e066
SHA1 hash: 0a6cf7e3c407ad017ceb4c58061ade7e04d3fcc1
MD5 hash: ccf1a31681655d42d959f2f7655b57ef
humanhash: beer-florida-robert-michigan
File name:kmt_78C7.exe
Download: download sample
Signature AveMariaRAT
Create hunting rule
File size:49'152 bytes
First seen:2020-04-10 17:45:57 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 420bb03c6f3c8f3fa85b6f4fbe23cb10 (1 x AveMariaRAT)
ssdeep 768:mWKVkgHozY82MKOoaLZZTd22AhFVMhJrWw:TKVksozY82SLZZ5xAhFVAl
Threatray 925 similar samples on MalwareBazaar
TLSH 16232966F604F176E8454BB53F26C7A800A27D315C118907B7887F1F1F79A84ECA93AB
Reporter James_inthe_box
Tags:AveMariaRAT exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
96
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.Genkryptik-7600017-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-03-06 07:42:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=nslnxegnpbtxa2hjoia6wjwfwdekkwgnrogckyd24ga4piaj6ega._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
12294db47384dc27b2fa9acf8167d7a0562a8d80aee861af40dc551a5b47ef34
AveMariaRAT
56af437f8b3b60b32b7cba77fa159138a777a48e98ce0215e8ec6f97ef12b223
AveMariaRAT
64f9f1bc127c111ad02307ddc1ff43b2f9c14eb2104348a0d2bdc86d1b82580c
AveMariaRAT
6604738347de31acf8c045750f89e3f8e1bf57e29007dbc0fd7e21fb4d7e9aa3
AveMariaRAT
8b9b9e661bf4fc6618db328021ed256745fd148aae1a44b097cc106660fa45f7
AveMariaRAT
8fac7f5a497d4b313250507c1939fab835e49b75f532dea338231747784588da
AveMariaRAT
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
AveMariaRAT
c804f5f16c0a482839a2b519a7f7d5183d9b3e12bdcce8bc36d7463294668c25
AveMariaRAT
d73498e0aabb97375783af491aded66aa6710ba848247de3337f404fa02a35c0
AveMariaRAT
e93ea58602fabb383b5624b79dd683dceaff52b89f0765dc66be19d938348718
AveMariaRAT
+ 915 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

AveMariaRAT

Executable exe 6c96db90cd78677068e97201eb26c5b0c8a558cd8b8c25607ae181c7a009f10c

(this sample)

AveMariaRAT

Executable exe cad851d943cb185cb15220b74b66ba5f60058d0b155c020db6b71315183f940c

  
Delivery method
Other
  
Dropping
SHA256 cad851d943cb185cb15220b74b66ba5f60058d0b155c020db6b71315183f940c
  
Dropping
MD5 4298cdf87b194f36ee03918c0beeb7ab

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaLateMemCallLd

Comments