MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 775188796115cd4ed9c6a6782ac0e2512c0759616395fc0e6193e63850adb4e0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AveMariaRAT


Vendor detections: 4



SHA256 hash: 775188796115cd4ed9c6a6782ac0e2512c0759616395fc0e6193e63850adb4e0
SHA3-384 hash: b7b761ab571ad42fb5a945f174052478e254f442a2b869e467e3cb75ecdb7793d9be45979ccc33f2069f0292e95018a0
SHA1 hash: d8fe3f47fd7940357d95016a75a7c93d187522d5
MD5 hash: b57896922aee76a4a0be52f564270496
humanhash: cardinal-neptune-blossom-maryland
File name: RFQ 6000940206_1637487.exe
Signature: AveMariaRAT
File size: 282'624 bytes
First seen: 2020-04-03 11:34:48 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 872725fe81e304e298f3b7993ebd72e8 (1 x AveMariaRAT)
ssdeep: 3072:RMyxKmejVC4cepFMOJEvkYYYPYZ5YYYYYYYYYYYYMRYYYYYYYYYYYYYsWYYYYYYu:RMyU5jrcuM6bbvjZr
Threatray: 605 similar samples on MalwareBazaar
TLSH: 8C547F91E255FCE8E429043685B9E528150BAF3DF4A8493F28AA351D65B734370FBE0F
Reporter: jarumlus
Tags: AveMariaRAT

Intelligence


File Origin
# of uploads: 1
# of downloads: 84
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Barys
Status: Malicious
First seen: 2020-04-03 12:43:00 UTC
File Type: PE (Exe)
Extracted files: 17
AV detection: 17 of 47 (36.17%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

AveMariaRAT

Executable exe 775188796115cd4ed9c6a6782ac0e2512c0759616395fc0e6193e63850adb4e0 (this sample)

BLint


The following tables provide more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_NX | Missing Non-Executable Memory Protection | critical
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high

Reviews
ID | Capabilities | Evidence
VB_API | Legacy Visual Basic API used | MSVBVM60.DLL::EVENT_SINK_AddRef, MSVBVM60.DLL::__vbaFileOpen, MSVBVM60.DLL::__vbaErrorOverflow
