MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7383d10f87a3919b174e2ef359b8b468e6cee9d808e3a7b40ed8c17654524ef2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AveMariaRAT


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7383d10f87a3919b174e2ef359b8b468e6cee9d808e3a7b40ed8c17654524ef2
SHA3-384 hash: 7f491d75d9398f88e3e8d75ac35cd1da43b9272dd36f5c4dc94a9b53c24026dae731138aafc73ff2b2a500485aae75dc
SHA1 hash: 1ebf4c6da2086218d8d28424f36fe5e166d43404
MD5 hash: ba069d3178e93e8eae3240fe8b3678f9
humanhash: ack-river-triple-tennessee
File name:NEW ORDER-48787374878.img
Download: download sample
Signature AveMariaRAT
Create hunting rule
File size:1'376'256 bytes
First seen:2021-12-20 07:57:37 UTC
Last seen:2021-12-20 15:37:13 UTC
File type: img
MIME type:application/x-iso9660-image
ssdeep 6144:NtebkTlPnxtYs+J1ORHGEwQldROyFC2fmpKyWweDi79Tv621d+:VLV8YXDjHfpyWws8bRd+
TLSH T1CC55ADAF2D5F53DEF12E87743764602042A46CF50523E909E9BA7EDBD237B447823292
Reporter cocaman
Tags:AveMariaRAT img


Avatar
cocaman
Malicious email (T1566.001)
From: "abdheshkumar@ntpc.co.in" (likely spoofed)
Received: "from ntpc.co.in (unknown [212.192.241.222]) "
Date: "20 Dec 2021 05:57:27 -0800"
Subject: "RE:RE: Ntpc Co Revised PO9430"
Attachment: "NEW ORDER-48787374878.img"

Intelligence

File Origin
# of uploads :
2
# of downloads :
126
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Iso_fs2229.UNOFFICIAL
Create hunting rule

Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
obfuscated packed
Link:
https://www.filescan.io/uploads/61c0378d8991ba72b38e267e/reports/e6e4ad9d-9de7-40d4-8432-7a5d98e2d2ab/overview
Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7383d10f87a3919b174e2ef359b8b468e6cee9d808e3a7b40ed8c17654524ef2/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-12-20 07:58:11 UTC
File Type:
Binary (Archive)
Extracted files:
25
AV detection:
7 of 43 (16.28%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=oob5cd4huoizwf2of3zvtofundtm52oybdr2pnao3daxmvcsj3za._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7383d10f87a3919b174e2ef359b8b468e6cee9d808e3a7b40ed8c17654524ef2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AveMariaRAT

img 7383d10f87a3919b174e2ef359b8b468e6cee9d808e3a7b40ed8c17654524ef2

(this sample)

AveMariaRAT

Executable exe 2ed1f2abe2a46fbec1321bb1df785468b52e3f0e35e50cf45f9ff52d242e40f4

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2ed1f2abe2a46fbec1321bb1df785468b52e3f0e35e50cf45f9ff52d242e40f4
  
Dropping
AveMariaRAT

Comments