MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6bcc52dfedf9716eabf70d30f4cc4932d8c021bd1befb4a08112bc286c17a26d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AveMariaRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6bcc52dfedf9716eabf70d30f4cc4932d8c021bd1befb4a08112bc286c17a26d
SHA3-384 hash: 07a68d4ebfb50a9d7396f57f80b0c2d4db8d91c6387e4fc6afd30ff496b7b2f8446343735deb1745420c05610afeb5f3
SHA1 hash: a06d6e69c502a75d9a686d4bc82033605b56a51d
MD5 hash: 08a845acd6a58df77c15bcb4344158f6
humanhash: carolina-carpet-indigo-princess
File name:INVOICE887.rar
Download: download sample
Signature AveMariaRAT
Create hunting rule
File size:451'865 bytes
First seen:2020-05-01 08:12:32 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:qlmXqHMQIQtRh6bsPGu2iMdEIUxZe2DWDcsBgVV6438H62lWvFK54Krw7tUXyN:qg6H9h6bsd2iMI/D4RgqgSTWvw5Dw7zN
TLSH 2EA423719DAB075F68C211D427B13455C802B0466E79A136F71EE8B8FCDE692DCCAC8B
Reporter abuse_ch
Tags:AveMariaRAT rar RAT


Avatar
abuse_ch
Malspam distributing AveMariaRAT:

HELO: thenesscenter.org
Sending IP: 45.249.91.173
From: Ashley <abrown@thenesscenter.org>
Subject: Fw: Re: IMPORTANT MESSAGE
Attachment: INVOICE887.rar (contains "Uaqvbdc.exe")

AveMariaRAT payload URL:
http://acdesignhub.com/AAddropboxusercontent52t2jofjdp8lir2361P9A8E8B0G4YF1LIhiMK155

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-01 07:13:03 UTC
File Type:
Binary (Archive)
Extracted files:
58
AV detection:
17 of 31 (54.84%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=npgffx7n7fyw5k7xbuypjtcjglmmain5dpx3jiebck6cq3axujwq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AveMariaRAT

rar 6bcc52dfedf9716eabf70d30f4cc4932d8c021bd1befb4a08112bc286c17a26d

(this sample)

AveMariaRAT

Executable exe 9ce5eb576c72ecc29eabbbece917f1873bf4f5782485b22549dfbb6ff1d56f58

  
URLhaus
https://urlhaus.abuse.ch/url/355395/
  
Dropping
MD5 2c254191a27a7eed92172f750c278e29
  
Dropping
AveMariaRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 9ce5eb576c72ecc29eabbbece917f1873bf4f5782485b22549dfbb6ff1d56f58

Comments