MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 67a6ef8af8e3ad3f83b6e40a1793d23a6ffcf16da3c4472c0254c60249e737ba. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AveMariaRAT


Vendor detections: 3



SHA256 hash: 67a6ef8af8e3ad3f83b6e40a1793d23a6ffcf16da3c4472c0254c60249e737ba
SHA3-384 hash: 8577cb192624b6669c7ca3cc408eaf3b7bffa24e0264556e4b3fb57f39c324b52905317013e678415eb818824a413020
SHA1 hash: ff49ab3d50e382212ee24764d1eed60be6d419e8
MD5 hash: e130e57017c0d74c96b5cdb482561b58
humanhash: crazy-quiet-alaska-pluto
File name: Po Shkm120022019 order confirmation.rar
Signature: AveMariaRAT
File size: 591'608 bytes
First seen: 2020-11-05 07:08:19 UTC
Last seen: 2020-11-05 20:10:33 UTC
File type: rar
MIME type: application/x-rar
ssdeep: 12288:HErdVp2+VYw9n7Uiz858GsqRUQ3wEuqYNdWNqFgxHLXvTlVkM:HIH2+P7Uiz4vVj3TubNMxFHkM
TLSH: 83C4231E7467DDD2CA522160E81C32E724A6D6C44C6DDE2FB7B6BB0C8E34E167D60638
Reporter: cocaman
Tags: AveMariaRAT, rar


cocaman
Malicious email (T1566.001)
From: "Admin3 SHKM <marketing1@shkmandiri.com>"
Received: "from cytanet.com.cy (unknown [185.118.167.132]) "
Date: "4 Nov 2020 17:38:04 -0800"
Subject: "RE: Po Shkm/12/002/2019 (order confirmation )"
Attachment: "Po Shkm120022019 order confirmation.rar"

Intelligence


File Origin
# of uploads: 2
# of downloads: 70
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Predator
Status: Malicious
First seen: 2020-11-05 00:41:13 UTC
File Type: Binary (Archive)
Extracted files: 27
AV detection: 19 of 29 (65.52%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AveMariaRAT

rar 67a6ef8af8e3ad3f83b6e40a1793d23a6ffcf16da3c4472c0254c60249e737ba

(this sample)

  
Delivery method: Distributed via e-mail attachment
