MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 81f0d4db9f84611c0fbc0062849752a0bfc0469c20e451523a37ec95407c87a1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AveMariaRAT


Vendor detections: 4



SHA256 hash: 81f0d4db9f84611c0fbc0062849752a0bfc0469c20e451523a37ec95407c87a1
SHA3-384 hash: cad00a8c8829cc4b692d8334c779ea5c374f5d353bcc730fdeb0963f1bd56b0849e5bf36ce1570ed22934cca697f93fc
SHA1 hash: 38f4995d79f2169b34584a8dfbdc87f813420900
MD5 hash: 9ae2c772d1c3056ffd370a906b7f8651
humanhash: blue-december-illinois-jupiter
File name: PO#11-17012021,pdf.rar
Signature: AveMariaRAT
File size: 234'284 bytes
First seen: 2021-01-18 09:07:22 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:EA8Fi0U2vvxMFOpNHIvjEDg8UacwYvMVfp5V:EAQ5rNoALFYvMVHV
TLSH: C434239A5FD706A3C0293489416DA63C77ACD07622EE0D96661F4F0A7540E24ACCEFF6
Reporter: abuse_ch
Tags: rar


abuse_ch
Malspam distributing unidentified malware:

HELO: cloudhost-2060988.uk-south-2.nxcli.net
Sending IP: 165.84.218.167
From: Chen <sales@mitsui.com.ph>
Subject: PO#11-18012021
Attachment: PO#11-17012021,pdf.rar (contains "PO#11-17012021,pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 136
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.MortyStealer
Status: Malicious
First seen: 2021-01-18 09:09:11 UTC
AV detection: 15 of 45 (33.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AveMariaRAT

rar 81f0d4db9f84611c0fbc0062849752a0bfc0469c20e451523a37ec95407c87a1 (this sample)

Delivery method: Distributed via e-mail attachment

Comments