MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 383978cce5f1dbc28533918bb2d397ef66074bfb43fae382486aa9d3e941aa08. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AveMariaRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 383978cce5f1dbc28533918bb2d397ef66074bfb43fae382486aa9d3e941aa08
SHA3-384 hash: d884ad8813058fe4a92a7dfd384012dce782f2d7a9539984a43e68097f9da206d4c2e770c9120b80e20ea615a9c35254
SHA1 hash: 31da7803f47815d1d3574bfca4e476a2b0363bdb
MD5 hash: 77baf40bae64d8ae35e80475817b39a2
humanhash: red-quebec-arkansas-gee
File name:PR E-2012513 SMT PART SUPPLY.xlsx.xz
Download: download sample
Signature AveMariaRAT
Create hunting rule
File size:332'711 bytes
First seen:2020-12-24 16:31:47 UTC
Last seen:Never
File type: xz
MIME type:application/x-rar
ssdeep 6144:8DKifLQrgoiLX9pYEgtvBl+hIQWBYw2rGVXJcTlm+Ugzze+/x6VQuYFIfVmzBixX:8KwpfYEg3l+hIQATEcXJcTlmgzyyxKQ4
TLSH 73642361E68FBCCD0CCAE182379C79A0741ADE7831D5EDA864B52B53802DF91FE90391
Reporter abuse_ch
Tags:AveMariaRAT RAT xz


Avatar
abuse_ch
Malspam distributing AveMariaRAT:

HELO: slot0.itqan.at
Sending IP: 45.85.90.20
From: EVA (PT.TREMCO) <eva@tremcogroup.com>
Reply-To: EVA (PT.TREMCO) <lcatena@studdds.com>
Subject: PR E-2012513
Attachment: PR E-2012513 SMT PART SUPPLY.xlsx.xz (contains "PR E-2012513 SMT PART SUPPLY.xlsx.exe")

AveMariaRAT C2:
rodasiter.duckdns.org:6703

Intelligence

File Origin
# of uploads :
1
# of downloads :
916
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27214.RarHeur.nocdb.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Suspected-exe-in-RAR.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/383978cce5f1dbc28533918bb2d397ef66074bfb43fae382486aa9d3e941aa08/
Threat name:
Win32.Spyware.AveMaria
Create hunting rule
Status:
Malicious
First seen:
2020-12-24 12:21:57 UTC
AV detection:
19 of 48 (39.58%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ha4xrthf6hn4fbjtsgf3fu4x55taos73ip5ohasinku5h2kbviea._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/383978cce5f1dbc28533918bb2d397ef66074bfb43fae382486aa9d3e941aa08

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AveMariaRAT

xz 383978cce5f1dbc28533918bb2d397ef66074bfb43fae382486aa9d3e941aa08

(this sample)

AveMariaRAT

Executable exe 9939d3f494937c0538ceb87dc3d728124fa0ef87c24834c20115a3893ac3e5c9

  
Dropping
MD5 77edd167dd723bd2d973a533a4c814f1
  
Dropping
AveMariaRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 9939d3f494937c0538ceb87dc3d728124fa0ef87c24834c20115a3893ac3e5c9

Comments