MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2171f783d2f705d49f137260e11e9a460317742062a91de82f6e72c202e5d522. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AveMariaRAT


Vendor detections: 5



SHA256 hash: 2171f783d2f705d49f137260e11e9a460317742062a91de82f6e72c202e5d522
SHA3-384 hash: 8822f61101abcb0d81d474adf6e3aec6e94e18d0150ff3800c012a307d75facebe2e82d8bb38207cd46b165a8c58f132
SHA1 hash: 0db38f06847ffcb998b3ab3ae2efb18d80a265d8
MD5 hash: 11c851a4080dfe1d5219bb72fd75b410
humanhash: spaghetti-rugby-low-triple
File name: Doc-11102827178901-03-2021_pdf.cab
Signature: AveMariaRAT
File size: 174'543 bytes
First seen: 2021-03-04 07:27:12 UTC
Last seen: Never
File type: cab
MIME type: application/vnd.ms-cab-compressed
ssdeep: 3072:58Azv77blqSTZRnmzrPncDI3o5zQwsjxzkSU8EJLgoVfdd9/+L3l989xq+ovCJvF:B777bXVUho5UwM4LThS8m+0CJvxv
TLSH: 2204236337246464E921D23C654AACFDB7386CE3E104242D10C93B5D16C9AE99B3F7A7
Reporter: abuse_ch
Tags: cab


abuse_ch
Malspam distributing unidentified malware:

HELO: server.linux114.papaki.gr
Sending IP: 185.138.43.48
From: info@dimbaris.gr
Subject: Fw: PAYMENT
Attachment: Doc-11102827178901-03-2021_pdf.cab (contains "Doc-11102827178901-03-2021_pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 150
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: Win32.Spyware.AveMaria
Status: Malicious
First seen: 2021-03-04 07:27:19 UTC
AV detection: 10 of 48 (20.83%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AveMariaRAT

cab 2171f783d2f705d49f137260e11e9a460317742062a91de82f6e72c202e5d522 (this sample)

Delivery method: Distributed via e-mail attachment
