MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8b535452727edf06280c495b190c10eb0a90522fad1c61cae8bfeef9b84a4879. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AveMariaRAT

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	8b535452727edf06280c495b190c10eb0a90522fad1c61cae8bfeef9b84a4879
SHA3-384 hash:	b06d52eec5b46ee0f7aac32d126f0f0d36e320f89e80728694c851c4f7deeaa9bfe2cd77fa7ce7b240213e65424b3760
SHA1 hash:	6de7b931dfe502f1c48c7b08cc7961fa905b5e19
MD5 hash:	70ab7f173c9ad785fc0d585c8ca685f9
humanhash:	asparagus-table-yellow-march
File name:	bing.bin
Download:	download sample
Signature	AveMariaRAT Create hunting rule
File size:	85'504 bytes
First seen:	2021-02-07 11:34:46 UTC
Last seen:	2021-02-07 13:49:11 UTC
File type:	dll
MIME type:	application/x-dosexec
imphash	e2f5908cb62b40e29dda3bd159ac81d7 (1 x AveMariaRAT)
ssdeep	1536:V9kB2Ek4erWsuuu7GxnHU6AJvQIb5sW/zcdSZSkcQhu:V9kDpuuyh8lb2SZSkPI
Threatray	1 similar samples on MalwareBazaar
TLSH	07834900F5D1C475E57E1A350874EAB55B7D7920CFE1CEAB3B94022E4E702D0AE36E6A
Reporter	Arkbird_SOLG
Tags:	apt Confucius dll

Intelligence

File Origin

# of uploads :

2

# of downloads :

248

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/115977/

Detection(s):

SecuriteInfo.com.Variant.Johnnie.292918.20770.9984.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a UDP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/601274

Signature

Antivirus detection for URL or domain

Multi AV Scanner detection for submitted file

Rundll32 performs DNS lookup (likely malicious behavior)

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/8b535452727edf06280c495b190c10eb0a90522fad1c61cae8bfeef9b84a4879/

Threat name:

Win32.Trojan.Fsysna

Status:

Malicious

First seen:

2021-02-07 02:46:00 UTC

AV detection:

20 of 29 (68.97%)

Threat level:

5/5

Verdict:

suspicious

Similar samples:

07277c9f33d0ae873c2be3742669594acc18c7aa93ecadb8b2ce9b870baceb2f

Result

Malware family:

n/a

Score:

7/10

Tags:

ransomware

Link:

https://tria.ge/reports/210207-36kwwrvte6/

Behaviour

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Drops startup file

Unpacked files

SH256 hash:

8b535452727edf06280c495b190c10eb0a90522fad1c61cae8bfeef9b84a4879

MD5 hash:

70ab7f173c9ad785fc0d585c8ca685f9

SHA1 hash:

6de7b931dfe502f1c48c7b08cc7961fa905b5e19

Link:

https://www.unpac.me/results/55f57ceb-1f19-4ad6-a9ce-38f0c6da62c2/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/8b535452727edf06280c495b190c10eb0a90522fad1c61cae8bfeef9b84a4879

File information

The table below shows additional information about this malware sample such as delivery method and external references.

rtf 8ecf1c276e10e3f3e9f7bc9e728fde9abea23348a2af6ce70269008d632a412d

DLL dll 8b535452727edf06280c495b190c10eb0a90522fad1c61cae8bfeef9b84a4879

(this sample)

X

https://twitter.com/ShadowChasing1/status/1358241114654871552

X

https://twitter.com/mg2_tracy1/status/1358246040302850055

Dropped by

SHA256 8ecf1c276e10e3f3e9f7bc9e728fde9abea23348a2af6ce70269008d632a412d

Delivery method

Other

Cape

Cape

https://www.capesandbox.com/analysis/115977/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample