MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bb95fa20a55260f729584b7932c7dba208dcc5b0a7597be447a72e481e0dcb09. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AveMariaRAT


Vendor detections: 14



SHA256 hash: bb95fa20a55260f729584b7932c7dba208dcc5b0a7597be447a72e481e0dcb09
SHA3-384 hash: cc008b3a1cb1e115964da0f4be7cd4a52e95a3a10528df80c88a459f4a99a844cf37d15dc5c80fea5636502c79ea254b
SHA1 hash: 95049e53f64a1b5050d697d88ccc8bf62d58e3f6
MD5 hash: db995bcbc1b1ffe95cbde7f316b577bc
humanhash: mountain-south-saturn-grey
File name: SHIPMENTDOCUMENTSPDF.exe
Signature: AveMariaRAT
File size: 2'554'880 bytes
First seen: 2022-03-28 17:54:45 UTC
Last seen: 2022-03-28 18:59:24 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 05bdc6a6adf04eca38d0953caca5e0fa (1 x AveMariaRAT)
ssdeep: 12288:3BEnRe1ljhm1xvNkPJziiPuumDNWnr3Q5WOVI6L4qj7neunRxHfk7D4pa7+oJb:+o1ld8r2JUNJ5WOVI6L7jr/
Threatray: 3'353 similar samples on MalwareBazaar
TLSH: T1FBC51810B3A12104F9F767FE66F946A4887E3C814B6DA1CF49C50ADAC6296F47C346E3
Reporter: Anonymous
Tags: AveMariaRAT exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 178
Origin country: FR
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating synchronization primitives
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Behaviour
MalwareBazaar
MeasuringTime
EvasionQueryPerformanceCounter
CheckCmdLine
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
greyware
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
AveMaria UACMe
Detection:
malicious
Classification:
troj.expl.evad.spyw
Score:
100 / 100
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Contains functionality to hide user accounts
Found malware configuration
Found potential dummy code loops (likely to delay analysis)
Initial sample is a PE file and has a suspicious name
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AveMaria stealer
Yara detected UACMe UAC Bypass tool
Behaviour
Threat name:
Win32.Trojan.AveMariaRat
Status:
Malicious
First seen:
2022-02-22 14:49:00 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
21 of 26 (80.77%)
Threat level:
  5/5
Result
Malware family:
warzonerat
Score:
  10/10
Tags:
family:warzonerat infostealer rat
Behaviour
Warzone RAT Payload
WarzoneRat, AveMaria
Malware Config
C2 Extraction:
goodies.dynamic-dns.net:5200
Unpacked files
SHA256 hash:
b623175a76fc3e8ef05eb478ebb355a1ae18d17c90cab20fcf6d3db6b3c46112
MD5 hash:
044f23af1fcda8e4dd63e6c5b3780d4f
SHA1 hash:
2ae8111424280ec0fd7aac84fe27e6718da1d7b5
Detections:
win_ave_maria_g0 win_ave_maria_auto
SHA256 hash:
fc0c90044b94b080f307c16494369a0796ac1d4e74e7912ba79c15cca241801c
MD5 hash:
6b906764a35508a7fd266cdd512e46b1
SHA1 hash:
2a943b5868de4facf52d4f4c1b63f83eacd882a2
SHA256 hash:
021d01fe3793879f57a2942664fc7c096710e94e87ad13dc21467c12edf61546
MD5 hash:
ad9fd1564dd1c6be54747e84444b8f55
SHA1 hash:
001495af4af443265200340a08b5e07dc2a32553
SHA256 hash:
bb95fa20a55260f729584b7932c7dba208dcc5b0a7597be447a72e481e0dcb09
MD5 hash:
db995bcbc1b1ffe95cbde7f316b577bc
SHA1 hash:
95049e53f64a1b5050d697d88ccc8bf62d58e3f6
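The indicators on this entry (the file hashes of the packed sample and the unpacked payloads, and the extracted C2 goodies.dynamic-dns.net:5200) are what a responder would sweep an environment for. The script below is an added example, not MalwareBazaar code: it copies the hashes and C2 from the entry above and runs them over a constructed host hash inventory and constructed DNS and connection log lines whose field layout is assumed for the example (no real product's format). Two caveats it encodes: the three unpacked-file hashes describe memory-unpacked payloads, so only the packed sample's hashes are expected to match files on disk; and the C2 sits behind dynamic DNS, so no fixed IP is an indicator and connection matching is keyed off whatever address the C2 name resolved to in the DNS log.

```python
"""IOC sweep built from this MalwareBazaar entry (added example, not MalwareBazaar code)."""
import hashlib
from typing import Iterable

# Indicators copied from the entry. The last three are the unpacked payloads
# (win_ave_maria_g0 / win_ave_maria_auto); they exist only in memory at runtime.
FILE_HASHES = {
    "bb95fa20a55260f729584b7932c7dba208dcc5b0a7597be447a72e481e0dcb09",  # SHA256, packed sample
    "95049e53f64a1b5050d697d88ccc8bf62d58e3f6",                          # SHA1, packed sample
    "db995bcbc1b1ffe95cbde7f316b577bc",                                  # MD5, packed sample
    "b623175a76fc3e8ef05eb478ebb355a1ae18d17c90cab20fcf6d3db6b3c46112",  # unpacked payload
    "fc0c90044b94b080f307c16494369a0796ac1d4e74e7912ba79c15cca241801c",  # unpacked payload
    "021d01fe3793879f57a2942664fc7c096710e94e87ad13dc21467c12edf61546",  # unpacked payload
}
C2_HOST = "goodies.dynamic-dns.net"   # from "C2 Extraction" above
C2_PORT = 5200


def hash_file_bytes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a buffer, lowercase hex as MalwareBazaar lists them."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_hashes(observed: Iterable[str]) -> set:
    """Case-insensitive match of observed hashes (any of the three algorithms) against the entry."""
    return {h.lower() for h in observed if h.lower() in FILE_HASHES}


def match_dns(lines: Iterable[str]) -> list:
    """Assumed line format: '<ts> <client> <query> <answer>'.
    Matches the C2 name (with or without trailing dot) and any subdomain of it."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue
        qname = parts[2].rstrip(".").lower()
        if qname == C2_HOST or qname.endswith("." + C2_HOST):
            hits.append((parts[0], parts[1], qname, parts[3]))
    return hits


def match_conn(lines: Iterable[str], resolved_ips: set) -> list:
    """Assumed line format: '<ts> <src> <dst_ip> <dst_port>'.
    The C2 is dynamic DNS, so match on the addresses it resolved to, plus the port."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4 or not parts[3].isdigit():
            continue
        if parts[2] in resolved_ips and int(parts[3]) == C2_PORT:
            hits.append((parts[0], parts[1], parts[2]))
    return hits


def sweep(dns_lines: Iterable[str], conn_lines: Iterable[str], observed_hashes: Iterable[str]) -> dict:
    """Run all three checks; connection matching uses the answers seen in the DNS hits."""
    dns_hits = match_dns(dns_lines)
    resolved = {hit[3] for hit in dns_hits if hit[3] != "-"}
    return {
        "hashes": match_hashes(observed_hashes),
        "dns": dns_hits,
        "conn": match_conn(conn_lines, resolved),
    }


# Constructed sample data for the example (203.0.113.7 is a TEST-NET address, not a real resolution).
SAMPLE_DNS = [
    "1648489200 10.0.0.5 goodies.dynamic-dns.net. 203.0.113.7",
    "1648489201 10.0.0.5 www.example.com. 93.184.216.34",
]
SAMPLE_CONN = [
    "1648489202 10.0.0.5 203.0.113.7 5200",
    "1648489203 10.0.0.6 203.0.113.7 443",
]
SAMPLE_HASHES = ["DB995BCBC1B1FFE95CBDE7F316B577BC", "d41d8cd98f00b204e9800998ecf8427e"]

if __name__ == "__main__":
    print(sweep(SAMPLE_DNS, SAMPLE_CONN, SAMPLE_HASHES))
```

In a real sweep, feed match_hashes the hash inventory your EDR already computes rather than rehashing the disk, and treat a DNS hit for the C2 name as the primary signal: the resolved address changes, and the port alone is not distinctive.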

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments