MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0f013f46c8fc3e8f5cf90a70b4a798e95c368808e9d3c36ff66cefbe959dbc06. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AveMariaRAT


Vendor detections: 3



SHA256 hash: 0f013f46c8fc3e8f5cf90a70b4a798e95c368808e9d3c36ff66cefbe959dbc06
SHA3-384 hash: a26dceb0057baf6b7df0bf0544ded87c67f73d2a7ebdaf789f22279acec3ab6b3a72bb9c75e0b30719072a7db98fb4c1
SHA1 hash: 3c6cf3412cc7fc4f76b4ceab9ab86b72b58489f1
MD5 hash: 3b7f5e6393dc359daf58643b2f08929d
humanhash: west-rugby-london-lima
File name: New QUOTATION.zip
Signature: AveMariaRAT
File size: 541'497 bytes
First seen: 2020-07-08 06:27:31 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:bL5fJcSjbQfLRKQDC9ZemNAbnLktgAbgmZZL6m8mncZmMw/R:bNf2Sof9i9ZBAbnhAUmZZL6mJcZX4R
TLSH: 0BB423BF4F0E196CB6D77DF124574E80EE904F9549EE1A92C3A007E5767AB887D48403
Reporter: abuse_ch
Tags: AveMariaRAT zip


abuse_ch
Malspam distributing unidentified malware:

HELO: hanbing.wwqasklj.cn
Sending IP: 45.140.168.119
From: Juan Lorenzo <juan.lorenzo@gcelsa.com>
Reply-To: Jennifer123@gmx.co.uk
Subject: REQUEST FOR QUOTATION
Attachment: New QUOTATION.zip (contains "New QUOTATION.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 75
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Fareit
Status: Malicious
First seen: 2020-07-08 06:29:05 UTC
AV detection: 18 of 48 (37.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AveMariaRAT

zip 0f013f46c8fc3e8f5cf90a70b4a798e95c368808e9d3c36ff66cefbe959dbc06 (this sample)

Delivery method: Distributed via e-mail attachment
