MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 52b62258638ef85fb9b0f43bbbf02a013ca70358f320a43e5a11aa0c9f5cc20e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AveMariaRAT


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 52b62258638ef85fb9b0f43bbbf02a013ca70358f320a43e5a11aa0c9f5cc20e
SHA3-384 hash: cfa466cb11587881e82fae188281aed0924a555b7b36271d9c5c2178df60ff0cafb36f2a440938665ec9708083b94ec1
SHA1 hash: b50ecf71c9468accb9c8b63a48b128c3bfa6b6fb
MD5 hash: d6f7dd4b52206e5b3250cfc563fb1efc
humanhash: steak-oranges-michigan-twelve
File name:Documento_6635190992021.uue
Download: download sample
Signature AveMariaRAT
Create hunting rule
File size:330'597 bytes
First seen:2021-01-04 07:38:18 UTC
Last seen:Never
File type: uue
MIME type:application/x-rar
ssdeep 6144:pmxcv4FhvcZ6QUiv6sAto+03RR1n4F22jsjMrTP+9U93sUiDpyaIoq76Cs6e:AxLhdJw67oPRRgdEMrTR93Ncr
TLSH D564238DEAD8B624CAD4761DE56FB5AB35D68E11BDC030C421BA12FCA6D30A4710F9F1
Reporter abuse_ch
Tags:AveMariaRAT ESP geo RAT Santander t-online uue


Avatar
abuse_ch
Malspam distributing AveMariaRAT:

HELO: mailout08.t-online.de
Sending IP: 194.25.134.20
From: Factoring y Confirming - Grupo Santander <fa.zajitschek@t-online.de>
Reply-To: Factoring y Confirming - Grupo Santander <fa.zajitschek@t-online.de>
Subject: AFA:FICHERO AVISO CAÍDA FINANCIACIÓN POR EXPIRACIÓN
Attachment: Documento_6635190992021.uue (contains "Documento_6635190992021.exe")

AveMariaRAT C2:
172.94.127.185:2030

Intelligence

File Origin
# of uploads :
1
# of downloads :
370
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/52b62258638ef85fb9b0f43bbbf02a013ca70358f320a43e5a11aa0c9f5cc20e/
Threat name:
Win32.Spyware.AveMaria
Create hunting rule
Status:
Malicious
First seen:
2021-01-04 07:39:04 UTC
AV detection:
9 of 47 (19.15%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=kk3cewddr34f7onq6q53x4bkae6koa2y6mqkips2cgvazh24yiha._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Backdoor
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/52b62258638ef85fb9b0f43bbbf02a013ca70358f320a43e5a11aa0c9f5cc20e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AveMariaRAT

uue 52b62258638ef85fb9b0f43bbbf02a013ca70358f320a43e5a11aa0c9f5cc20e

(this sample)

AveMariaRAT

Executable exe 9fdbaeded04f2af7ee146dc2dc2fdf91b9a6ba7202148bad21efd2398ea1f7ae

  
Dropping
MD5 275f6e9e231066a0f174b91dae934dc8
  
Dropping
AveMariaRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 9fdbaeded04f2af7ee146dc2dc2fdf91b9a6ba7202148bad21efd2398ea1f7ae

Comments