MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1ec1bdf770161f455266bc10b97a1af6441b391995e96bf93492c102cd299d32. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AveMariaRAT


Vendor detections: 4



SHA256 hash: 1ec1bdf770161f455266bc10b97a1af6441b391995e96bf93492c102cd299d32
SHA3-384 hash: a069f55a86a6b44e22a2d05bb6530ed37c1b84c225f60566e01feb605c8dc4b53f86110bc0662e261baba17a1db4bbcc
SHA1 hash: e19e820586ef5789b4f208fd83d4041a451a8dbf
MD5 hash: 25d1c40227a6d9c8f1396fbc09ba5d8a
humanhash: oven-quiet-monkey-cup
File name: PO 181084.arj
Signature: AveMariaRAT
File size: 507'715 bytes
First seen: 2020-07-20 09:07:13 UTC
Last seen: 2020-07-22 11:15:10 UTC
File type: zip
MIME type: application/zip
ssdeep: 12288:vyrO3U99vLqfSpNYsnbs4pwsDaESld+ak4gCYG0b+x6:6rO3a1LqfSDBbsgwcVjDvV+s
TLSH: F1B4234C4B42064118CB201992BB4A976FEE364D49F3FD874BFD128C494AFBEDA36D25
Reporter: abuse_ch
Tags: arj AveMariaRAT RAT


abuse_ch
Malspam distributing AveMariaRAT:

HELO: server.360degreeinfo.online
Sending IP: 162.144.150.204
From: Lisa Tan <sc01@inply.com>
Subject: RE: PO 181084
Attachment: PO 181084.arj (contains "PO 181084.exe")

AveMariaRAT C2:
158.69.115.206:5200

Intelligence


File Origin
# of uploads: 7
# of downloads: 67
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-07-20 05:37:10 UTC
AV detection: 6 of 47 (12.77%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AveMariaRAT

zip 1ec1bdf770161f455266bc10b97a1af6441b391995e96bf93492c102cd299d32 (this sample)

Dropping: AveMariaRAT
Delivery method: Distributed via e-mail attachment
