MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 da1305da0ae76ad97c57d683d406bb1c45bc112199504df3eb6e62b516696e6a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
AveMariaRAT
Vendor detections: 4
| SHA256 hash: | da1305da0ae76ad97c57d683d406bb1c45bc112199504df3eb6e62b516696e6a |
|---|---|
| SHA3-384 hash: | 30029987cfc35c16311f5ab22db3bf99e9985da41ed487167c89369476403542a1d29d61ed187fc085ff769e6140f68a |
| SHA1 hash: | 860b0406f14da4fbad1d18755ff209657291f22a |
| MD5 hash: | f9dac524b97c8b4913a5321dd73f4c58 |
| humanhash: | fix-asparagus-sad-cold |
| File name: | DA1305DA0AE76AD97C57D683D406BB1C45BC112199504DF3EB6E62B516696E6A |
| Download: | download sample |
| Signature | AveMariaRAT |
| File size: | 1'254'400 bytes |
| First seen: | 2020-04-09 20:12:09 UTC |
| Last seen: | 2020-04-09 20:32:22 UTC |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | 10cae653ca0908b845a6e7db5a47e2f6 (1 x AveMariaRAT) |
| ssdeep | 12288:YvT/aiiZuuW7vQ/WwWGY5ZI5vU+IyYwntOJ2lkgwx4:cThYWwWGY5ZI5vXv4a |
| Threatray | 479 similar samples on MalwareBazaar |
| TLSH | 6845F601A691C017F8B712FA85AE636C59FDBAE1131490D751C01EFDB66CAF3AC31A36 |
| Reporter |  nbd33 |
| Tags: | AveMariaRAT COVID-19 exe |
Intelligence
File Origin
# of uploads :
2
# of downloads :
107
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Kryptik
Status:
Malicious
First seen:
2020-04-09 20:35:35 UTC
File Type:
PE (Exe)
Extracted files:
12
AV detection:
23 of 31 (74.19%)
Threat level:
5/5
Detection(s):
Malicious file
Verdict:
malicious
Label(s):
avemaria
Similar samples:
+ 469 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
Delivery method
Distributed via e-mail attachment
BLint
The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.
Findings
| ID | Title | Severity |
|---|---|---|
| CHECK_AUTHENTICODE | Missing Authenticode | high |
| CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high |
Reviews
| ID | Capabilities | Evidence |
|---|---|---|
| WIN32_PROCESS_API | Can Create Process and Threads | KERNEL32.dll::CloseHandle |
| WIN_BASE_API | Uses Win Base API | KERNEL32.dll::TerminateProcess KERNEL32.dll::LoadLibraryExW KERNEL32.dll::GetSystemInfo KERNEL32.dll::GetStartupInfoW KERNEL32.dll::GetCommandLineA KERNEL32.dll::GetCommandLineW |
| WIN_BASE_EXEC_API | Can Execute other programs | KERNEL32.dll::WriteConsoleW KERNEL32.dll::SetConsoleCtrlHandler KERNEL32.dll::SetStdHandle KERNEL32.dll::GetConsoleCP KERNEL32.dll::GetConsoleMode |
| WIN_BASE_IO_API | Can Create Files | KERNEL32.dll::CreateFileW |
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.