MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 01ebcc4f8c007d2204c50f1a36ade1694c14ba24604e32a372a4097da6ce2642. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AveMariaRAT


Vendor detections: 4



SHA256 hash: 01ebcc4f8c007d2204c50f1a36ade1694c14ba24604e32a372a4097da6ce2642
SHA3-384 hash: bfa832e07a83fbde727364fce0d7ae22bd9c8fc41ea537482387cfe53cdf236b70e552a331d3ff4aaa1e44ca6c20137f
SHA1 hash: 13fc0139334ea0cd1ae1b4122132fdcea35180b8
MD5 hash: 6b1741655fe5f36c54db94652a2a2065
humanhash: robert-sink-lima-pennsylvania
File name: Purchase Contract Order.zip
Signature: AveMariaRAT
File size: 459'517 bytes
First seen: 2020-10-06 06:04:19 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:MiVEDkhc9mbdOrkCkj4txEOeSLYCOQnXXKwy:MiVEDE3OsMtxRLYCRnXaP
TLSH: 88A423289D5AB78DEC2DCAD5812785CC667436487138CD87713AF3921D8B22D4E4FCDA
Reporter: abuse_ch
Tags: AveMariaRAT zip


abuse_ch
Malspam distributing unidentified malware:

HELO: fujitec.co
Sending IP: 209.11.159.147
From: PURCHASE DEPT <adminchn@fujitecindia.com>
Subject: Re: New Order and Contract
Attachment: Purchase Contract Order.zip (contains "Order.pdf")

Intelligence


File Origin
# of uploads: 1
# of downloads: 75
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2020-10-06 02:18:34 UTC
AV detection: 5 of 48 (10.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AveMariaRAT

zip 01ebcc4f8c007d2204c50f1a36ade1694c14ba24604e32a372a4097da6ce2642

(this sample)

  
Delivery method: Distributed via e-mail attachment

Comments