MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f03dc74c1726fac03fd3c9437f2be7105312b5c9fc55cb3eb88fed59570793f3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AveMariaRAT


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f03dc74c1726fac03fd3c9437f2be7105312b5c9fc55cb3eb88fed59570793f3
SHA3-384 hash: ed925cb6c26f9889f8b26ba392145fd2b3bd93211e5c2bfdbfa9ef380f8e6ab8310b7fe156efb866c3419b48246bb592
SHA1 hash: a9b6475217c385837e5b1db444c91b952b74a2f2
MD5 hash: c4dd4bc82a36181cd1bd78e9dfb36219
humanhash: fourteen-sierra-idaho-princess
File name:SOA Outstanding.zip
Download: download sample
Signature AveMariaRAT
Create hunting rule
File size:271'830 bytes
First seen:2020-08-05 15:35:50 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:pRpirqHjLmVHlz7Qf6H54EJ5+GdXkXxsiIGF8m538UgVXKh:pD7DiVHlHQf6HWEJ8GdXkSwv53tiKh
TLSH 60442373C2DB3D06C54D6862974590B5F1A5C3E0FF16EECCCAA3ED6629283AD441AE09
Reporter abuse_ch
Tags:AveMariaRAT RAT zip


Avatar
abuse_ch
Malspam distributing AveMariaRAT:

HELO: asatelectricals.com
Sending IP: 80.85.157.189
From: finance@asatelectricals.com
Subject: SOA FOR PAYMENT PROCESSING
Attachment: SOA Outstanding.zip (contains "SOA Outstanding.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Generic.mg.7a47ef24bd9b21c2.23076.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f03dc74c1726fac03fd3c9437f2be7105312b5c9fc55cb3eb88fed59570793f3/
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=6a64otaxe35map6tzfbx6k7hcbjrfnoj7rk4wpvyr7wvsvyhspzq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.45
Link:
https://yomi.yoroi.company/submissions/f03dc74c1726fac03fd3c9437f2be7105312b5c9fc55cb3eb88fed59570793f3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AveMariaRAT

zip f03dc74c1726fac03fd3c9437f2be7105312b5c9fc55cb3eb88fed59570793f3

(this sample)

AveMariaRAT

Executable exe 22a420112c97f94c87b2efa2e1d3b46d6f91655c1a86a6b6a1cd94e3e43259af

  
Dropping
MD5 7a47ef24bd9b21c2b0bf06ffe44a7591
  
Dropping
AveMariaRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 22a420112c97f94c87b2efa2e1d3b46d6f91655c1a86a6b6a1cd94e3e43259af

Comments