MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3e7818f187d063cd9b2c250a2efe43fcfbd2892b64b13fdd0978f97994a25d11. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AveMariaRAT


Vendor detections: 3



SHA256 hash: 3e7818f187d063cd9b2c250a2efe43fcfbd2892b64b13fdd0978f97994a25d11
SHA3-384 hash: d8a78b5992201a34ac1e92b645dda399b8063640c906750dd815e2e6af15a64a38fc6ff0dbbeb0e66cb0a7d0eca9348f
SHA1 hash: 7b13e3dd1ba1f0646c9cd4b07b51a7eadcdfddcf
MD5 hash: 47e954bb95ed05c309d2a4000e6ebbd4
humanhash: green-winter-romeo-minnesota
File name: RFQ 202011655458794.rar
Signature: AveMariaRAT
File size: 277'620 bytes
First seen: 2020-11-19 07:05:40 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:WvPeY+jDIsMJja9cuBTOTQZAsdbu/TTDHCqOp:g/yDIsuja9cusQZru/nGNp
TLSH: EC44232DA9038F52AF14004106939E5E19B362C7501193AFD6E2FBF9FEE66CD3386589
Reporter: abuse_ch
Tags: AveMariaRAT rar RAT


abuse_ch
Malspam distributing AveMariaRAT:

HELO: slug.aserv.co.za
Sending IP: 197.242.144.92
From: smtpfox-2cpx6@blog.financesuccess.co.za
Subject: RFQ Product Details
Attachment: RFQ 202011655458794.rar (contains "RFQ 202011655458794.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 99
Origin country: n/a

Vendor Threat Intelligence
Result: Gathering data
Threat name: Win32.Trojan.Wacatac
Status: Suspicious
First seen: 2020-11-19 07:06:06 UTC
AV detection: 19 of 48 (39.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AveMariaRAT

rar 3e7818f187d063cd9b2c250a2efe43fcfbd2892b64b13fdd0978f97994a25d11 (this sample)

Dropping: AveMariaRAT
Delivery method: Distributed via e-mail attachment
