MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e067fd3eb1d8e6660ee532d5462ccaf2e7aa7dbd931e438254fb0f086f2d63bb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AveMariaRAT

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	e067fd3eb1d8e6660ee532d5462ccaf2e7aa7dbd931e438254fb0f086f2d63bb
SHA3-384 hash:	30bcd7d109d8ab873f9cc5eee0a72650ea8d567bc9f4b3b23e0efb495af16909a6dfc36d8bdce0b618fc1512cf944a95
SHA1 hash:	28b0a4946ae2b935ed4872469c768fc0e3db2df5
MD5 hash:	e6ecf6fdf82eb59195a70af9ad7f00ca
humanhash:	pasta-hot-september-delta
File name:	Confirmed PO JM19152.pdf.rar
Download:	download sample
Signature	AveMariaRAT Create hunting rule
File size:	180'515 bytes
First seen:	2020-08-19 06:55:35 UTC
Last seen:	Never
File type:	rar
MIME type:	application/x-rar
ssdeep	3072:X66btKxUHC7fUGcnd0EH9E/mzAZm0N5RFhaBIOUxIEPTXooSLkFg4dgQ:X6ytK4CIpnd0yyOzsN5Rja0WzoXFg4qQ
TLSH	BC0423B307927E34767F6640B823079BFD372D456C1196967EE3AFD9F2643C18286860
Reporter	abuse_ch
Tags:	AveMariaRAT rar

abuse_ch

Malspam distributing unidentified malware:

HELO: pier.snetdns.com
Sending IP: 89.252.191.14
From: John Wu <fion@fethenaillounge.com>
Subject: Confirmed New Purchase Order PO# JM19152
Attachment: Confirmed PO JM19152.pdf.rar (contains "Confirmed PO# JM19152.pdf.exe")