MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5fcf53bcd109dbf0a01807b7eefc6e5ae2fa3cd9dd9678cd409aeef15c758a8a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AveMariaRAT
Vendor detections: 3

SHA256 hash: 5fcf53bcd109dbf0a01807b7eefc6e5ae2fa3cd9dd9678cd409aeef15c758a8a
SHA3-384 hash: 99a4a8e41ca8643213fb6e2f36e0b6fc8f399ea00cc3f9dc41e81e9c43cfd5e7f758e6d957cd1242146856387ec3151a
SHA1 hash: 142364e6bd5c5240f902abf3c10d91941539401b
MD5 hash: 71118e37023e88dc4638d5b17e591990
humanhash: mirror-cup-alaska-vermont
File name: Order DCF 465789.zip
Signature: AveMariaRAT
File size: 661'759 bytes
First seen: 2020-11-19 07:57:19 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:EPt81J1qa5kyGRqtNyQGIlmHCmmAeYxjVses7GlfMiBxyuozF1M:EPGZ5zGRqtNyolmim9RZVs9GlfMiBxYm
TLSH: E6E423E427626D4F3B48046CE159B14B6D500E4ED3957F91B6A2FA804EEF024CAD9ECE
Reporter: abuse_ch
Tags: AveMariaRAT RAT zip


abuse_ch
Malspam distributing AveMariaRAT:

HELO: s237797.cloud.flynet.pro
Sending IP: 193.47.34.9
From: Tracy Parker<tracy01@qq.com>
Subject: #465789
Attachment: Order DCF 465789.zip (contains "Order #DCF 465789.exe")

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 119
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-11-19 07:58:05 UTC
AV detection: 13 of 48 (27.08%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam (AveMariaRAT)
  -> zip 5fcf53bcd109dbf0a01807b7eefc6e5ae2fa3cd9dd9678cd409aeef15c758a8a (this sample)
  -> Dropping: AveMariaRAT

Delivery method: Distributed via e-mail attachment
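The hash set listed for this entry and the reporter's note that the zip carries an .exe correspond to the two checks a mail gateway or triage script would run on such an attachment: compute the same digests MalwareBazaar publishes and look them up, and inspect the archive's members without extracting them. The following Python is an added example, not code from MalwareBazaar or abuse.ch. The IOC hashes are copied from this entry; the zip it builds, the placeholder member body and the executable-extension deny list are constructed assumptions, so the constructed archive deliberately does not match the listed hashes while its member name does match the one the reporter quoted.

```python
import hashlib
import io
import zipfile

# Digests copied from this MalwareBazaar entry.
IOC_HASHES = {
    "sha256": "5fcf53bcd109dbf0a01807b7eefc6e5ae2fa3cd9dd9678cd409aeef15c758a8a",
    "sha1": "142364e6bd5c5240f902abf3c10d91941539401b",
    "md5": "71118e37023e88dc4638d5b17e591990",
    "sha3_384": "99a4a8e41ca8643213fb6e2f36e0b6fc8f399ea00cc3f9dc41e81e9c43cfd5e7f758e6d957cd1242146856387ec3151a",
}

# Assumed deny list of member extensions that have no business inside a mailed archive.
EXECUTABLE_EXTENSIONS = {
    ".exe", ".scr", ".com", ".pif", ".dll", ".msi", ".bat", ".cmd",
    ".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".ps1",
}


def hash_attachment(data: bytes) -> dict:
    """Compute the same digests MalwareBazaar lists, so the attachment can be looked up."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def matches_ioc(digests: dict, iocs: dict = IOC_HASHES) -> bool:
    """True if any digest we computed equals the corresponding IOC value."""
    return any(digests.get(alg) == value for alg, value in iocs.items())


def suspicious_members(data: bytes) -> list:
    """Walk the archive's central directory and peek at each member's first bytes
    without extracting anything to disk.  A member is reported when its extension is
    on the deny list, when it starts with the PE 'MZ' magic (an executable renamed to
    look harmless), or both."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            # Splitting on the last dot also catches double extensions like "invoice.pdf.exe".
            ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
            with zf.open(info) as member:
                magic = member.read(2)  # only the first bytes are decompressed, never the whole member
            reasons = []
            if ext in EXECUTABLE_EXTENSIONS:
                reasons.append("extension")
            if magic == b"MZ":
                reasons.append("pe-magic")
            if reasons:
                findings.append((name, "+".join(reasons)))
    return findings


def triage_attachment(data: bytes) -> dict:
    """Full triage of one attachment: digests, IOC lookup and archive contents."""
    digests = hash_attachment(data)
    return {
        "digests": digests,
        "known_ioc": matches_ioc(digests),
        "executables": suspicious_members(data),
    }


def build_sample_zip() -> bytes:
    """Constructed stand-in for 'Order DCF 465789.zip': one member carrying the name the
    reporter quoted and a placeholder body.  It is not the real sample, so its digests
    will not match IOC_HASHES."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Order #DCF 465789.exe", b"MZ placeholder body, not the real payload")
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_attachment(build_sample_zip()))
```

Running the block prints a triage record for the constructed zip: `known_ioc` is False (the placeholder is not the real sample), while `executables` reports the single .exe member on both the extension and the PE-magic check. Against a real attachment, a hit on `known_ioc` alone is enough to quarantine; the member inspection is what catches the next campaign, whose hashes are not in any database yet.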

Comments