MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7ffe1cad900f0260d3e0fb2ea7fea42360e086663b9bc80df8a51f2b4ac9498a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AveMariaRAT


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7ffe1cad900f0260d3e0fb2ea7fea42360e086663b9bc80df8a51f2b4ac9498a
SHA3-384 hash: 09c40cf52fa6f36e19acaccb1ea979d70f9943f8547d6bd45e7506eea7e5c2d28cd9766866c4ea5b6b8d209c00178c71
SHA1 hash: b3bac9417687ec373ab2449f43acd73ee4ffa0ed
MD5 hash: 9a0a63d7332474736192705b3ca7f886
humanhash: sodium-east-angel-cold
File name:0110199383737338466578282847.cab
Download: download sample
Signature AveMariaRAT
Create hunting rule
File size:154'555 bytes
First seen:2021-02-10 07:08:33 UTC
Last seen:Never
File type: cab
MIME type:application/vnd.ms-cab-compressed
ssdeep 3072:iKQ4ffBBnI09OwzgcHbDL+hBEvTqcN5ENVFzb:K4nDILwzg0DgBEv+aiV1
TLSH 25E3131CA3B4E839A1553FAD3996DC4694ECD6B9DAFD13B6244BF5D400ABF040A1071F
Reporter abuse_ch
Tags:AveMariaRAT cab RAT


Avatar
abuse_ch
Malspam distributing AveMariaRAT:

HELO: mail.itsaas.pl
Sending IP: 83.143.133.35
From: Lesun Auto Parts Pte Ltd <import@lesunauto.com.sg>
Subject: Enquiry_ Parts ‎GL63, GL450 & GL550-Lesun Auto Parts Pte Ltd
Attachment: 0110199383737338466578282847.cab (contains "0110199383737338466578282847.scr")

AveMariaRAT C2:
xchilogs.duckdns.org:23489 (51.161.61.88)

Intelligence

File Origin
# of uploads :
1
# of downloads :
94
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Downloader.Soft32downloader-6691270-0
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7ffe1cad900f0260d3e0fb2ea7fea42360e086663b9bc80df8a51f2b4ac9498a/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-02-10 07:09:06 UTC
AV detection:
9 of 48 (18.75%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=p77bzlmqb4bgbu7a7mxkp7veenqobbtghon4qdpyuupswswjjgfa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7ffe1cad900f0260d3e0fb2ea7fea42360e086663b9bc80df8a51f2b4ac9498a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AveMariaRAT

cab 7ffe1cad900f0260d3e0fb2ea7fea42360e086663b9bc80df8a51f2b4ac9498a

(this sample)

AveMariaRAT

Executable exe 8d9da1d788ebe7f59e20c10e6283757e407a2e3befc63b4df9df138d3277b39c

  
Dropping
MD5 67c1edd5ba59823b2817a48a8cc5a9e1
  
Dropping
AveMariaRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 8d9da1d788ebe7f59e20c10e6283757e407a2e3befc63b4df9df138d3277b39c

Comments