MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 706bc40de70ca241552fa8c0dde83cef3ce8a3ee9197daf98e451acb64d4c235. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AveMariaRAT


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 706bc40de70ca241552fa8c0dde83cef3ce8a3ee9197daf98e451acb64d4c235
SHA3-384 hash: fbcb988b6ef48ea8ad9f5a0938e62bce68a168d275d34a485af2c7019411825427358e0f1d868daa70528255055b810e
SHA1 hash: 97d9e49e49c3aa91beab365acde9e4e862f5b4d7
MD5 hash: 13e7ba37349fd312f189d2a65d2f8f07
humanhash: ten-white-romeo-high
File name:Doc-111028271788901-03-2021_pdf.gz
Download: download sample
Signature AveMariaRAT
Create hunting rule
File size:176'400 bytes
First seen:2021-03-04 07:26:56 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 3072:30apWHwlaDSJ+JunhK52iFdbnLKmlKPQVQtdqo0eqdH1GToNFQCRA:khPKipZn+VPQutdqoh4H1GToNFQL
TLSH 8704132CD68ABF1F0503348AA7BFD46A512EAE765C2955269C4C2B58474FCF240E89CF
Reporter abuse_ch
Tags:AveMariaRAT gz RAT


Avatar
abuse_ch
Malspam distributing AveMariaRAT:

HELO: server5.pavanhost.com
Sending IP: 85.25.203.11
From: vivekgoel@hplindia.com
Subject: Re: ENQ-Please Advice on Availability of Enclosed Order- 111028271788901-03-2021
Attachment: Doc-111028271788901-03-2021_pdf.gz (contains "Doc-111028271788901-03-2021_pdf.exe")

AveMariaRAT C2:
xchilogs.duckdns.org

Intelligence

File Origin
# of uploads :
1
# of downloads :
138
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Downloader.Soft32downloader-6691270-0
Create hunting rule

Sanesecurity.Malware.27383.GZipHeur.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/706bc40de70ca241552fa8c0dde83cef3ce8a3ee9197daf98e451acb64d4c235/
Threat name:
Win32.Spyware.AveMaria
Create hunting rule
Status:
Malicious
First seen:
2021-03-04 07:27:18 UTC
AV detection:
13 of 47 (27.66%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=obv4idphbsrecvjpvdan32b4546ori7osgl5v6moiunmwzguyi2q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/706bc40de70ca241552fa8c0dde83cef3ce8a3ee9197daf98e451acb64d4c235

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AveMariaRAT

gz 706bc40de70ca241552fa8c0dde83cef3ce8a3ee9197daf98e451acb64d4c235

(this sample)

AveMariaRAT

Executable exe 29c359a430263d1482f855d74d16a653f7bdcd6ab01abcb6090c1163a1568f71

  
Dropping
MD5 635ca744eb020efe815d22e3dcf4a618
  
Dropping
AveMariaRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 29c359a430263d1482f855d74d16a653f7bdcd6ab01abcb6090c1163a1568f71

Comments