MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 33b9585ef18204022b9e9e708cb3467bbdb06138566055ee5403370243d2c87e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AveMariaRAT


Vendor detections: 3



SHA256 hash: 33b9585ef18204022b9e9e708cb3467bbdb06138566055ee5403370243d2c87e
SHA3-384 hash: 70b3c249b6ea8eb7734e5811565f8f3030ff26c4517fb8cf3476bccd22b85299e29121d82a73b5e04feabbc9ddd2098f
SHA1 hash: 1fca4a2f5733ac6bc83acaa4aeee0f989f4da3e8
MD5 hash: 8aac41caf00f026a1c454b144c95c448
humanhash: wolfram-happy-tango-finch
File name: Documento de transferencia de Scotiabank7497574730084doc.arj
Signature: AveMariaRAT
File size: 48'753 bytes
First seen: 2020-12-04 19:57:04 UTC
Last seen: Never
File type: arj
MIME type: application/x-rar
ssdeep: 768:t2Ey3I4e9sF7jFtFc2/pC4zRWgcrjp0p6QaQ0tT0Y1IRQr3JPL+m0ZF/A0la:IfeSF7jFPhFhxh0mY12QNeFJa
TLSH: 5D23F14D70E0784197CBAC2FB3918EB1981129A56BC7EA2FD10ED2F9592F536C016C6B
Reporter: abuse_ch
Tags: arj AveMariaRAT ESP geo RAT Scotiabank


abuse_ch
Malspam distributing AveMariaRAT:

HELO: vps.mks-tr.org
Sending IP: 45.153.203.51
From: avisos.empresa.infoScotiabank.cl <office@mks-tr.org>
Subject: Aviso de transferencia de fondos
Attachment: Documento de transferencia de Scotiabank7497574730084doc.arj (contains "Documento de transferencia de Scotiabank7497574730084doc.exe")

AveMariaRAT C2:
178.170.138.163:4554

Intelligence


File Origin
# of uploads: 1
# of downloads: 288
Origin country: n/a

Vendor Threat Intelligence
Result: Gathering data
Threat name: ByteCode-MSIL.Trojan.Emotet
Status: Suspicious
First seen: 2020-12-04 19:58:05 UTC
AV detection: 22 of 48 (45.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AveMariaRAT

arj 33b9585ef18204022b9e9e708cb3467bbdb06138566055ee5403370243d2c87e (this sample)

Dropping: AveMariaRAT
Delivery method: Distributed via e-mail attachment
