MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bf3b90cfb2a1fcabe1ce28afe3c00a31312e2ca097e9056e0470ab47bdcf22dc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AveMariaRAT


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bf3b90cfb2a1fcabe1ce28afe3c00a31312e2ca097e9056e0470ab47bdcf22dc
SHA3-384 hash: 88b9f396f6488f29f0109ff631a2a2d11971be128e66c580d77ac7448e076eb633edc906fedda3aedf49bff05054e6f9
SHA1 hash: df7010887ecc7bb6bbacf6333587d9ca0e24e422
MD5 hash: b5f2e65e293c74a5018e675df4d3eab6
humanhash: november-pizza-massachusetts-berlin
File name:Quotation.exe
Download: download sample
Signature AveMariaRAT
Create hunting rule
File size:1'315'842 bytes
First seen:2020-06-18 06:17:17 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash cc80a9340c5c455e95208d56a13a040a (3 x RemcosRAT, 1 x AveMariaRAT)
ssdeep 24576:G88RMlLc25p1sNakyTPouyefk4DJwPPhvtwGS:GkFc2guyQbDJwXBtI
Threatray 517 similar samples on MalwareBazaar
TLSH 1A555C21A2D19837C0231574DD26A368E829FF102939984E3FE57D885E3678DF82779F
Reporter abuse_ch
Tags:AveMariaRAT exe RAT


Avatar
abuse_ch
Malspam distributing AveMariaRAT:

HELO: MTA-08-4.privateemail.com
Sending IP: 198.54.122.58
From: sales03@chinawarmth.com <yz@zjtiachi.com>
Reply-To: sales03@chinawarmth.com <yz@zjtiachi.com>
Subject: Product List & Order
Attachment: Quotation.zip (contains "Quotation.exe")

AveMairaRAT C2:
185.161.208.107:5200

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/19672/
Detection(s):
PUA.Win.Packer.BorlandDelphi-15
Create hunting rule

SecuriteInfo.com.Artemis74E2383EC068.22740.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Delf
Create hunting rule
Status:
Malicious
First seen:
2020-06-18 02:48:53 UTC
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=x45zbt5suh6kxyoofcx6hqakgeys4lfas7uqk3qeocvuppopeloa._file
Verdict:
malicious
Label(s):
avemaria
Create hunting rule
Similar samples:
125cb3c64b38341e06ac31caa06939ce0a3a5ec9e8824d7bbb819a6d7e8c8a5f
AveMariaRAT
2a73b5bcf40617742a535178183021aa1f0ed55f85a431e1535a0b65030b6867
AveMariaRAT
33a76af55237d9ba192ee8496fd6c4adc489593705e81c663a890b39e1c92a8e
AveMariaRAT
5178316a133ee4ce629f5b31ddc2fdb8fd6ff8a581174c0a21f41d44ebfcd88d
AveMariaRAT
588a67a610dd3cc4803c3c54d4bbb0c197d542b69cc79bff6559b24e42f09107
AveMariaRAT
8f787ad8df4ea3ee0c0940cf5170cccffa5c5783f065b89581de06c53a20b30c
AveMariaRAT
9188298a545444368a26d4d1fcc9be1e49ed55660891458d75c3dd5a2981c93b
AveMariaRAT
c51058733acbdfdb2281a3278a4fc05df65e823ed324033eef981e940db4dcf4
AveMariaRAT
c59842c19c1b3f0171b40eebfb3e98ddccc4237edcaaa62990a0881ee1f6f798
AveMariaRAT
fae5d87e8771f0025e306697f68afe511275e9772af23dfd081ffbfc0b56f38d
AveMariaRAT
+ 507 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200624-mey44knxza/
Behaviour
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

b46c0d30f92d1e4079f7e5f2f20c8e2b

AveMariaRAT

Executable exe bf3b90cfb2a1fcabe1ce28afe3c00a31312e2ca097e9056e0470ab47bdcf22dc

(this sample)

  
Dropped by
MD5 b46c0d30f92d1e4079f7e5f2f20c8e2b
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/19672/

Comments