MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7476070c66d620578be9e5f9e8d41e88f6b55bbd6c96e62f0b5ff592710362d8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AveMariaRAT


Vendor detections: 3



SHA256 hash: 7476070c66d620578be9e5f9e8d41e88f6b55bbd6c96e62f0b5ff592710362d8
SHA3-384 hash: 4ce9db69d882b2fba358d08ae8d04608134fecc7ebdee756a6b66f5b490440ffb2d05f6b01cb7e261469dc40b91ca312
SHA1 hash: 7398a1c99e86f8ac2bfab8a31e8beef1dd2eb887
MD5 hash: 06eb4f52f3d3a88fd6349023074b8093
humanhash: solar-steak-music-xray
File name: Inquiry100629.img
Signature: AveMariaRAT
File size: 1'245'184 bytes
First seen: 2020-07-06 08:49:01 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 6144:xNtq7Sbi/pLMdLOjMHH5WG132KhyPcG7i+n3HAApBz+HVl:xNouMQdL8M1NhyPDPn3Vk
TLSH: D745BFB70246BEDAF72D0E74D54422400DB85C6BAB70C94DBDCC31C963B2B50AEB9A71
Reporter: abuse_ch
Tags: AveMariaRAT img nVpn RAT


abuse_ch
Malspam distributing AveMariaRAT:

HELO: mail.dirickx.mg
Sending IP: 213.136.83.114
From: H-TECH CO Ltd <sales@h-tech.co.kr>
Subject: Re: Re: Order Enquiry
Attachment: Inquiry100629.img (contains "Inquiry1006290pdf.exe")

AveMariaRAT C2:
194.5.99.31:9087

Hosted on nVpn:

% Information related to '194.5.99.0 - 194.5.99.255'

% Abuse contact for '194.5.99.0 - 194.5.99.255' is 'abuse@inter-cloud.tech'

inetnum: 194.5.99.0 - 194.5.99.255
netname: INTER_CLOUD_SERVICES_RUSSIA
admin-c: ICTR1-RIPE
tech-c: ICTR1-RIPE
org: ORG-ICR2-RIPE
country: RU
status: ASSIGNED PA
mnt-by: inter-cloud-mnt
created: 2019-07-20T20:42:53Z
last-modified: 2020-07-04T13:20:18Z
source: RIPE

Intelligence


File Origin
# of uploads: 1
# of downloads: 69
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-07-06 01:30:33 UTC
AV detection: 13 of 29 (44.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AveMariaRAT
img 7476070c66d620578be9e5f9e8d41e88f6b55bbd6c96e62f0b5ff592710362d8 (this sample)

Dropping: AveMariaRAT
Delivery method: Distributed via e-mail attachment
