MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1695ad60460ba5f20b2ca8c092e25594afcdcfd8cc57cf594aa58318b3ca6858. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AveMariaRAT


Vendor detections: 4



SHA256 hash: 1695ad60460ba5f20b2ca8c092e25594afcdcfd8cc57cf594aa58318b3ca6858
SHA3-384 hash: b58baa2c0bf19c9b2bac2f5e30a6fecae805d39f72cabb76333b6cbdbbfcc0abd9afcf7ae88c6d9979d22db4f10935e4
SHA1 hash: 9eb85f9b4b2b8bb3b5f686d2e9d51abf7c71bb97
MD5 hash: 9c4118819793939a0320a5e2242f3066
humanhash: glucose-zebra-leopard-eleven
File name: PO45351SBY SP-SENSOR MARS INDONESIAMAKASSAR,pdf.zip
Signature: AveMariaRAT
File size: 117'854 bytes
First seen: 2020-08-19 13:42:56 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 3072:1lu8xlvNYwj6Mq1rQpnm6POlKQLN/H8CRpfyypVC:e8p5q1sRWlKQ5pjfnpVC
TLSH: 3FB31231A4FF4B3C2418279CFA4E112FB19EAD4789C7C3972B5FAD914055AD3A1CBA44
Reporter: abuse_ch
Tags: AveMariaRAT zip


abuse_ch
Malspam distributing unidentified malware:

HELO: daikinapplied.co.id
Sending IP: 193.169.253.153
From: Yuli <yuli@daikinapplied.co.id>
Subject: PO45351-SBY SP-SENSOR MARS INDONESIAMAKASSAR
Attachment: PO45351SBY SP-SENSOR MARS INDONESIAMAKASSAR,pdf.zip (contains "PO45351SBY SP-SENSOR MARS INDONESIAMAKASSAR,pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-08-19 10:05:10 UTC
AV detection: 25 of 48 (52.08%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AveMariaRAT

zip 1695ad60460ba5f20b2ca8c092e25594afcdcfd8cc57cf594aa58318b3ca6858

(this sample)

Delivery method: Distributed via e-mail attachment
