MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 29964f2a0d6cf2aa62f8e8cb1ed921fe357a1d98a80979bca5e735474fe82c56. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AveMariaRAT

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	29964f2a0d6cf2aa62f8e8cb1ed921fe357a1d98a80979bca5e735474fe82c56
SHA3-384 hash:	e047e10875ef49aaa98fe88aed33911eb2cae99da20f4363800f8ca18a7f3e28eb97494c2324b3dec469dd3e98be6886
SHA1 hash:	a73e511f369c5d2232f4952b5be99f8274e53f43
MD5 hash:	c34968d467a5188ce33763ebcc0c3219
humanhash:	twenty-october-pennsylvania-victor
File name:	New order-karbosaTurkey.r11
Download:	download sample
Signature	AveMariaRAT Create hunting rule
File size:	400'230 bytes
First seen:	2020-08-31 09:15:25 UTC
Last seen:	Never
File type:	rar
MIME type:	application/x-rar
ssdeep	12288:dU6OpazUiYVrEeVxiiiaubqQ/SDHnL77L:ZOpeUtrEeTZMbSjnL77L
TLSH	DD8423CDCD22D76836DEB711389A72A58BCA428ECE7D46F3D59F0A2021E1CDD0994689
Reporter	abuse_ch
Tags:	AveMariaRAT r11 RAT Strato

abuse_ch

Malspam distributing AveMariaRAT:

HELO: mo4-p05-ob.smtp.rzone.de
Sending IP: 81.169.146.181
From: info@karbosan.com.tr
Subject: New order -karbosan
Attachment: New order-karbosaTurkey.r11 (contains "New order-karbosaTurkey.scr")