MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0062f78860dfc6752c72c434e8639d160910e526db4dac901a389763d410026c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AveMariaRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0062f78860dfc6752c72c434e8639d160910e526db4dac901a389763d410026c
SHA3-384 hash: 7c1a7d2270649dc11e7ff6318f0017d4de1f7fbdb585945eff2e8d5be8d2dcbe843dee3faa92a54c9c015b9e98ac20d4
SHA1 hash: 3c9bfabb336c29ada2ae659b93fb546368d959cc
MD5 hash: 35ac980943d1fb98cf6fa7eedb764ec9
humanhash: bakerloo-pennsylvania-kentucky-london
File name:T.TCOPYZip 1.rar
Download: download sample
Signature AveMariaRAT
Create hunting rule
File size:203'661 bytes
First seen:2020-08-18 07:29:23 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:xrDNLUFAYAFiOLXzZxcYzNmgRrgy1S7tN/IDqsoL:RxaAYAvLXzvRrrILDh
TLSH 3F1412AF2517DA9B18C028E4506B14E231FD7DD6F8B207E16F0DAC973A844D4E4EADB4
Reporter abuse_ch
Tags:AveMariaRAT nVpn Outlook rar RAT


Avatar
abuse_ch
Malspam distributing AveMariaRAT:

HELO: EUR05-AM6-obe.outbound.protection.outlook.com
Sending IP: 40.92.91.26
From: Orga Seeds <Orgaseeds@hotmail.com>
Subject: TREAT AS URGENT (T/T CONFIRMATION FOR P.I 008644)
Attachment: T.TCOPYZip 1.rar (contains "Quotation.exe")

AveMariaRAT C2:
194.5.97.8:5200

Hosted on nVpn:

% Information related to '194.5.97.0 - 194.5.97.255'

% Abuse contact for '194.5.97.0 - 194.5.97.255' is 'abuse@kgb-vpn.org'

inetnum: 194.5.97.0 - 194.5.97.255
netname: NET-NINAZU
remarks: ------------------------------------------
remarks: * This network is used for a VPN service.
remarks: * No logs are stored in any shape or form.
remarks: ------------------------------------------
country: EU
admin-c: NVS100-RIPE
tech-c: NVS100-RIPE
org: ORG-NVS2-RIPE
mnt-by: NINAZU-MNT
status: SUB-ALLOCATED PA
created: 2018-07-23T09:31:45Z
last-modified: 2020-08-02T13:13:48Z
source: RIPE

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0062f78860dfc6752c72c434e8639d160910e526db4dac901a389763d410026c/
Threat name:
Win32.Trojan.Bluteal
Create hunting rule
Status:
Malicious
First seen:
2020-08-18 07:31:15 UTC
AV detection:
17 of 29 (58.62%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=abrppcda37dhkldsyq2oqy45cyerbzjg3ng2zea2hclwhvaqajwa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AveMariaRAT

rar 0062f78860dfc6752c72c434e8639d160910e526db4dac901a389763d410026c

(this sample)

AveMariaRAT

Executable exe 55a6b731215e8aea38a6f556669290c120ab916ac57754e45aca7b28b6cb0b9a

  
Dropping
MD5 8397628b0929a5f88b2ca07fe100c967
  
Dropping
AveMariaRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 55a6b731215e8aea38a6f556669290c120ab916ac57754e45aca7b28b6cb0b9a

Comments