MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5fcf53bcd109dbf0a01807b7eefc6e5ae2fa3cd9dd9678cd409aeef15c758a8a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AveMariaRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5fcf53bcd109dbf0a01807b7eefc6e5ae2fa3cd9dd9678cd409aeef15c758a8a
SHA3-384 hash: 99a4a8e41ca8643213fb6e2f36e0b6fc8f399ea00cc3f9dc41e81e9c43cfd5e7f758e6d957cd1242146856387ec3151a
SHA1 hash: 142364e6bd5c5240f902abf3c10d91941539401b
MD5 hash: 71118e37023e88dc4638d5b17e591990
humanhash: mirror-cup-alaska-vermont
File name:Order DCF 465789.zip
Download: download sample
Signature AveMariaRAT
Create hunting rule
File size:661'759 bytes
First seen:2020-11-19 07:57:19 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:EPt81J1qa5kyGRqtNyQGIlmHCmmAeYxjVses7GlfMiBxyuozF1M:EPGZ5zGRqtNyolmim9RZVs9GlfMiBxYm
TLSH E6E423E427626D4F3B48046CE159B14B6D500E4ED3957F91B6A2FA804EEF024CAD9ECE
Reporter abuse_ch
Tags:AveMariaRAT RAT zip


Avatar
abuse_ch
Malspam distributing AveMariaRAT:

HELO: s237797.cloud.flynet.pro
Sending IP: 193.47.34.9
From: Tracy Parker<tracy01@qq.com>
Subject: #465789
Attachment: Order DCF 465789.zip (contains "Order #DCF 465789.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
119
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Zip_fs2008.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.23990.ZipHeur.UNOFFICIAL
Create hunting rule

Result
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5fcf53bcd109dbf0a01807b7eefc6e5ae2fa3cd9dd9678cd409aeef15c758a8a/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-11-19 07:58:05 UTC
AV detection:
13 of 48 (27.08%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=l7hvhpgrbhn7biaya63657dollrpupgz3wlhrtkatlxpcxdvrkfa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AveMariaRAT

zip 5fcf53bcd109dbf0a01807b7eefc6e5ae2fa3cd9dd9678cd409aeef15c758a8a

(this sample)

AveMariaRAT

Executable exe a25edd5d4e3df428ac1c9cef50bb5508070a3202ec645a65b40781b9fb4e54d9

  
Dropping
MD5 31af86a1993ff792560cfe5089433a3d
  
Dropping
AveMariaRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a25edd5d4e3df428ac1c9cef50bb5508070a3202ec645a65b40781b9fb4e54d9

Comments