MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 78402cb1a321259e24f62d0b1991b99d8171100b7ed00e9f8b85db92b520d598. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AveMariaRAT


Vendor detections: 4



SHA256 hash: 78402cb1a321259e24f62d0b1991b99d8171100b7ed00e9f8b85db92b520d598
SHA3-384 hash: a9a203762404ff362cf5d1cbb5da477b118ae5e8ca97dcce13b9abca11aa38acce5375bc0d720b220c8a9d1f93982a03
SHA1 hash: 0d218eecdda20594ea2bcfe35fbb0ac4bd274a8a
MD5 hash: 29982612875cada47dd80666b8bd76cd
humanhash: nineteen-hamper-steak-november
File name: PO436394_Fuyang_Sensi_Trading-2020_07_21_dwg.img
Signature: AveMariaRAT
File size: 1'245'184 bytes
First seen: 2020-07-21 16:12:58 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:skaL5xxZZOcHzrCpsyP//MecLdZ2L74VXISuWbez:stfZBHzrS1//nAP2L/JP
TLSH: 6F453900F7B485C6D3AA1F7AD87141009671FD5AABE6E38B3B88F6AD19B23544743F12
Reporter: abuse_ch
Tags: AveMariaRAT img RAT


abuse_ch
Malspam distributing AveMariaRAT:

HELO: smtp1.hiworks.co.kr
Sending IP: 121.254.168.204
From: sp001@ksmps.co.kr <sp001@ksmps.co.kr>
Subject: PO436394 - Fuyang Sensi Trading
Attachment: PO436394_Fuyang_Sensi_Trading-2020_07_21_dwg.img (contains "PO436394_Fuyang_Sensi_Trading-2020_07_21_dwg.exe")

AveMariaRAT C2:
zcv2ngnfg69354253.3utilities.com:5200

Intelligence


File Origin
# of uploads: 1
# of downloads: 71
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.CryptInject
Status: Malicious
First seen: 2020-07-21 16:14:09 UTC
AV detection: 15 of 48 (31.25%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AveMariaRAT
img 78402cb1a321259e24f62d0b1991b99d8171100b7ed00e9f8b85db92b520d598 (this sample)

Dropping: AveMariaRAT
Delivery method: Distributed via e-mail attachment
