MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0e2057d87c5ccd7e1ecd13f4c63ba0b75176292ad4b31e59cbc35c053f719861. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AveMariaRAT


Vendor detections: 3



SHA256 hash: 0e2057d87c5ccd7e1ecd13f4c63ba0b75176292ad4b31e59cbc35c053f719861
SHA3-384 hash: 7bea0b47893a48e869edbc4b4922992578056f90686434eeb5346c15fc44060702d81864fd995b9ebef344d60e349078
SHA1 hash: 149975fccb41363876ff8c746dd62e6a9275ad48
MD5 hash: 460b2c48dfe6a28aa39cef5610311852
humanhash: delta-thirteen-alpha-undress
File name: 00967842253129.POF.gz
Signature: AveMariaRAT
File size: 262'941 bytes
First seen: 2020-10-20 06:21:46 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 6144:QZVNBflNcs8O5qnH4zAj40ssZcUC+1ruQPb:QZVxN78O5MH4zAOsZz8g
TLSH: 2A442210721096E6D622C1BBC59904EB1B5DEC7F9222DCD60FB268B2DAD858590B3DF3
Reporter: abuse_ch
Tags: AveMariaRAT ESP geo gz RAT Santander


abuse_ch
Malspam distributing AveMariaRAT:

HELO: pagetoday1.vservers.es
Sending IP: 188.164.197.140
From: Factoring y Confirming - Grupo Santander <fycout@gruposantander.com>
Subject: Confirming - Aviso de pago
Attachment: 00967842253129.POF.gz (contains "00967842253129.POF.exe")

AveMariaRAT C2:
51.195.140.238:5200

Intelligence


File Origin
# of uploads: 1
# of downloads: 82
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Spyware.Noon
Status: Malicious
First seen: 2020-10-19 22:00:39 UTC
AV detection: 21 of 29 (72.41%)
Threat level: 2/5

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AveMariaRAT
    gz 0e2057d87c5ccd7e1ecd13f4c63ba0b75176292ad4b31e59cbc35c053f719861 (this sample)
      Dropping: AveMariaRAT

Delivery method: Distributed via e-mail attachment

Comments