MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 12d6478d5a99732e39a8654f6e7b5872621c42212f32f3fb7e5e36cd0f1e8b92. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AveMariaRAT


Vendor detections: 3



SHA256 hash: 12d6478d5a99732e39a8654f6e7b5872621c42212f32f3fb7e5e36cd0f1e8b92
SHA3-384 hash: f731e96183fdc63e530966edc3c1c4365327c7dbe94ec518b918fce653cda390805bf64e1d0b50864f063d6fd6404ccc
SHA1 hash: 3815b6b0244df814ea32a217e98c8d0ad79696c4
MD5 hash: aef5ff6a515f39a0af3b63fa0cc9400d
humanhash: mockingbird-mars-arizona-stairway
File name: VIN-Paid.rar
Signature: AveMariaRAT
File size: 300'102 bytes
First seen: 2020-05-08 07:16:54 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:Qg8d6VsJEdi5v4ecGUlcdZFaZJQR4lWIrcFqEaRJexXyAiZad5/vuOT+fU:QgO6VsJocduQRisIRJR/ZaDv1yfU
TLSH: 6F542364D0232599A489242DFF8A3D81ADA22D387DE3DD9839373CE8E511CB7D6C1993
Reporter: abuse_ch
Tags: AveMariaRAT rar RAT


abuse_ch
Malspam distributing AveMariaRAT:

HELO: aqmail.org
Sending IP: 45.249.91.173
From: Trade Store <sales@aqmail.org>
Subject: Re: Re: PAYMENT INVOICE
Attachment: VIN-Paid.rar (contains "Bhohuum.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 84
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-08 21:40:00 UTC
File Type: Binary (Archive)
Extracted files: 41
AV detection: 13 of 31 (41.94%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AveMariaRAT

rar 12d6478d5a99732e39a8654f6e7b5872621c42212f32f3fb7e5e36cd0f1e8b92 (this sample)

Dropping: AveMariaRAT
Delivery method: Distributed via e-mail attachment
