MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0a08af875bea49aaded9ad56fddaa62068c2a9dd627ebeee165cf0341352d726. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AveMariaRAT


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0a08af875bea49aaded9ad56fddaa62068c2a9dd627ebeee165cf0341352d726
SHA3-384 hash: 2595254ba82f646b5fce2b35c302de7336222e4e6a6ce07edc1a3998bcd21bf1f5f9df8bb2d760c93f06f40eee739bf0
SHA1 hash: 2b3ed3d2f6ce0bf39f9bf4283d5fa2ae43a6c052
MD5 hash: c43428c2adb8d23223b9cc9b9d8ae1b9
humanhash: leopard-high-montana-emma
File name:QRFQ625554919_Products_war__Samples_TRAN_THI_THANH_DAO_CO_LTDs.7z
Download: download sample
Signature AveMariaRAT
Create hunting rule
File size:341'647 bytes
First seen:2022-03-30 16:18:47 UTC
Last seen:Never
File type: 7z
MIME type:application/x-rar
ssdeep 6144:VeSSxwj4cvCJA/BbQmMyqnuKqp7+pspf0LnG7yzG/aa5dpPLgyt5qp8r3T:VeSCICJA/BbPMDuKwlf0Ln9zGh5dNLgM
TLSH T1B574239F4377436C8CC2FB3710D5EA2A579A57A306D34B67FA2093816C4AD1E8A4352F
Reporter cocaman
Tags:7z AveMariaRAT RFQ


Avatar
cocaman
Malicious email (T1566.001)
From: "Javen Ho (sales Manager) <TranThiThanh.Dao@phutungxenang.com>" (likely spoofed)
Received: "from tuagencia24.com (unknown [74.50.61.67]) "
Date: "Mon, 28 Mar 2022 11:04:23 +0200"
Subject: "QRFQ625554919"
Attachment: "QRFQ625554919_Products_war__Samples_TRAN_THI_THANH_DAO_CO_LTDs.7z"

Intelligence

File Origin
# of uploads :
1
# of downloads :
169
Origin country :
n/a
Vendor Threat Intelligence
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
control.exe greyware keylogger replace.exe
Link:
https://www.filescan.io/uploads/624482faa19c649412ad5d11/reports/b0148622-de3d-4ecc-adc4-91371bf4b70b/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0a08af875bea49aaded9ad56fddaa62068c2a9dd627ebeee165cf0341352d726/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-03-29 10:04:09 UTC
File Type:
Binary (Archive)
Extracted files:
48
AV detection:
22 of 42 (52.38%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=biek7b235je2vxwzvvlp3wvgebumfko5mj7l53qwltydie2s24ta._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220330-tsg8dseba9/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.53
Link:
https://yomi.yoroi.company/submissions/0a08af875bea49aaded9ad56fddaa62068c2a9dd627ebeee165cf0341352d726

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AveMariaRAT

7z 0a08af875bea49aaded9ad56fddaa62068c2a9dd627ebeee165cf0341352d726

(this sample)

AveMariaRAT

Executable exe 66be852b20b6210134ace4c51802bc9fe3aba2ef95ecb31940066a11dfe57c34

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 66be852b20b6210134ace4c51802bc9fe3aba2ef95ecb31940066a11dfe57c34

Comments