MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 be6f6f78c95cd6e75ce7bf0c643d3acdf6eaf68d5ed12d0bd6ff71f220c7165c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: be6f6f78c95cd6e75ce7bf0c643d3acdf6eaf68d5ed12d0bd6ff71f220c7165c
SHA3-384 hash: 7fb71603749abf7af742a791e9be6d709afad67c0fb4aae639043c97f53d8f5d09c8698a4c80d6d86481d4de724a2b8b
SHA1 hash: 01ad46f4b2f4454216c9ea7fd2597b652ecfbc32
MD5 hash: cc095a3e639c7eb26fd4ad16bca2626c
humanhash: illinois-oranges-solar-april
File name: be6f6f78c95cd6e75ce7bf0c643d3acdf6eaf68d5ed12d0bd6ff71f220c7165c
Signature: AveMariaRAT
File size: 260'192 bytes
First seen: 2020-06-29 07:29:47 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 3072:GK7e6eq20s4hvkXSCJdQl//PrKt5KaUEeCJE1OAMTzA6QZki5l7AmMjkVl5w:GKS/0XhvOhJdMjuGfAEwjQSi5zLHm
TLSH: AC44BF277298AF03CBAF15FF8081514443B1A55E7383F3CA5CD254E926D67D31AA2E8B
Reporter: @JAMESWT_MHT
Tags: AveMariaRAT

Intelligence


File Origin
# of uploads: 1
# of downloads: 22
Origin country: IT

Mail intelligence: No data

Vendor Threat Intelligence
Detection: WarzoneRAT
Threat name: ByteCode-MSIL.Backdoor.NanoCore
Status: Malicious
First seen: 2020-06-25 05:47:00 UTC
AV detection: 28 of 31 (90.32%)
Threat level: 5/5

Result
Malware family: n/a
Score: 5/10
Tags: n/a

Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments