MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f2b3165eb4622865b540b23e6dc5300222d402140266d8263bf2c6fbfb4b9e9f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AveMariaRAT


Vendor detections: 4



SHA256 hash: f2b3165eb4622865b540b23e6dc5300222d402140266d8263bf2c6fbfb4b9e9f
SHA3-384 hash: d334ad79fe719b8c76c4271fea4dc9dfc25e13272b0427f9d1edc640a64af9f9e7da1659c1002c5a6bb0a1df13db3f2c
SHA1 hash: b11cf6d99a121837423bee44ee8a86b569a303a9
MD5 hash: 03ed5eb215ccc186544bd087a00fbfd3
humanhash: montana-twenty-lion-finch
File name: PO45351SBY SP-SENSOR MARS INDONESIAMAKASSAR,pdf.zip
Signature: AveMariaRAT
File size: 117'104 bytes
First seen: 2020-08-19 14:45:57 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 3072:5Fk4RsLAO+Uf27k00mT6n2P6HjjxULWBv2ElV:5i4SLTtuH0P1DHv/
TLSH: E5B312CB066FB77DBCC56337AEDB550717A4AA3156138201A86C901C293EEDD8A90B4F
Reporter: abuse_ch
Tags: zip


abuse_ch
Malspam distributing unidentified malware:

HELO: daikinapplied.co.id
Sending IP: 193.169.253.153
From: Yuli <yuli@daikinapplied.co.id>
Subject: PO45351-SBY SP-SENSOR MARS INDONESIAMAKASSAR
Attachment: PO45351SBY SP-SENSOR MARS INDONESIAMAKASSAR,pdf.zip (contains "PO45351SBY SP-SENSOR MARS INDONESIAMAKASSAR,pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-08-19 14:47:09 UTC
AV detection: 21 of 28 (75.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AveMariaRAT

zip f2b3165eb4622865b540b23e6dc5300222d402140266d8263bf2c6fbfb4b9e9f (this sample)

Delivery method: Distributed via e-mail attachment
