MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4b4d45013c86390dfe7cacd19907c033e1e9ff94e46d909c293b2a303e1020d5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AveMariaRAT


Vendor detections: 3



SHA256 hash: 4b4d45013c86390dfe7cacd19907c033e1e9ff94e46d909c293b2a303e1020d5
SHA3-384 hash: 767318fa64941bc27440d68d5ecd7df5421522251ad8abc869651c99f26a33a3dae2088c81ec749b7068164d35829583
SHA1 hash: 46825385f9a95f361460e18a12f4096929e678fd
MD5 hash: 6d14d6a86dd9e1343fa5e2ba57d668c1
humanhash: social-montana-undress-stairway
File name: RFQ.zip
Signature: AveMariaRAT
File size: 302'799 bytes
First seen: 2020-04-30 09:53:09 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:0Ms0L1gufSix510VfiijSFcA82GUurlIBfW7L24Sjs:0MsK1gufX5uVReFG5IdWq4
TLSH: E05423BE3B73A3A19766275D7BC424AB805D0496523C5FBA039CB341BD9FB23513812B
Reporter: abuse_ch
Tags: AveMariaRAT RAT zip


abuse_ch
Malspam distributing AveMariaRAT:

HELO: tltrade.pw
Sending IP: 62.173.145.226
From: Habib Lateef <support@tltrade.pw>
Reply-To: support@tltrade.pw
Subject: ALMEER RFQ
Attachment: RFQ.zip (contains "RFQ.exe")

AveMariaRAT C2:
45.138.172.56 56421

Intelligence


File Origin
# of uploads: 1
# of downloads: 80
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Antiav
Status: Malicious
First seen: 2020-05-01 04:30:14 UTC
File Type: Binary (Archive)
Extracted files: 6
AV detection: 21 of 48 (43.75%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AveMariaRAT

zip 4b4d45013c86390dfe7cacd19907c033e1e9ff94e46d909c293b2a303e1020d5 (this sample)

Dropping: AveMariaRAT
Delivery method: Distributed via e-mail attachment
