MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 635c6373b46d3a8e434ba6d3a118e730f717bc0410125975ce069134e354aaa0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AveMariaRAT


Vendor detections: 4



SHA256 hash: 635c6373b46d3a8e434ba6d3a118e730f717bc0410125975ce069134e354aaa0
SHA3-384 hash: 2e9eef3a9f7733133d9ca12fc00714bd4a211c2a45dabdc39ce89a7b0418cbc4027ec603b3e7394a5a2971029ff0869a
SHA1 hash: c27f7296d4c782e4ce67885e61f130b29ab22145
MD5 hash: 96ff00c60edc78c9035aed223845c1c6
humanhash: fanta-beer-lamp-spaghetti
File name: PO-HH00890.rar
Signature: AveMariaRAT
File size: 275'872 bytes
First seen: 2020-11-06 07:10:36 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep 6144:ftvNzhRk25mkjBwwbUcwhrck41YVy9lxEDgM+JQVnNiHETs+tV1r:fxNzH1FbUBhQlTHODgM+JQiHETs+v1r
TLSH 3A44230038DF968CE0359E39E823FA2B67E37975156BDAA69D7B13F4C01868472CD2D1
Reporter: abuse_ch
Tags: AveMariaRAT, rar, RAT, Yahoo


abuse_ch
Malspam distributing AveMariaRAT:

HELO: sonic310-23.consmr.mail.ne1.yahoo.com
Sending IP: 66.163.186.204
From: Jack Shandong <info.chemdacheng@yahoo.com>
Reply-To: info.chemdacheng@yahoo.com
Subject: Fw: Re:Re: please revise old P.I
Attachment: PO-HH00890.rar (contains "PO-HH00890.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 70
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: Win32.Spyware.AveMaria
Status: Malicious
First seen: 2020-11-05 19:26:46 UTC
AV detection: 8 of 48 (16.67%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AveMariaRAT

rar 635c6373b46d3a8e434ba6d3a118e730f717bc0410125975ce069134e354aaa0

(this sample)

  
Dropping: AveMariaRAT
Delivery method: Distributed via e-mail attachment
