MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 827602c84f71ea6cbe11d03522380eeff1aad9a5a9683eeedb30693397ce6ae7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AveMariaRAT


Vendor detections: 5



SHA256 hash: 827602c84f71ea6cbe11d03522380eeff1aad9a5a9683eeedb30693397ce6ae7
SHA3-384 hash: d9b440d4dc8ce5b1c7ab042b396942d2708b2311ec54960c7c7dbdca17848e6011656299659f74ffbb124f7274fd3ea7
SHA1 hash: 40d0a547f8221523cce27c6e2863a9e5a86e72df
MD5 hash: 5356c4e5fa29a8e237e5168b5efb85b0
humanhash: massachusetts-pluto-early-ink
File name: PURCHASE ORDER 2022GH0053 PDF.img
Signature: AveMariaRAT
File size: 75'776 bytes
First seen: 2022-06-15 06:33:41 UTC
Last seen: 2022-06-15 09:06:43 UTC
File type: img
MIME type: application/x-iso9660-image
ssdeep: 192:f6V6dHA1a/NoZKozm8S2kjDnVvZiJ09tGR6H1iS2j5owhtFhseGKspsKnG:fcQHfNocmPSB/n71GAH1zORXG3psKnG
TLSH: T1B973C518D6E6C132C69019F6DD9262D4873B5907D5B36A1FB94E331E2BE324CC988BF1
TrID: 99.6% (.NULL) null bytes (2048000/1)
      0.2% (.ATN) Photoshop Action (5007/6/1)
      0.0% (.BIN/MACBIN) MacBinary 1 (1033/5)
      0.0% (.ABR) Adobe PhotoShop Brush (1002/3)
      0.0% (.SMT) Memo File Apollo Database Engine (88/84)
Reporter: cocaman
Tags: AveMariaRAT, img


cocaman
Malicious email (T1566.001)
From: "Ling Lam <Ling.Lam@sourceability.com>" (likely spoofed)
Received: "from sourceability.com (unknown [62.197.136.14]) "
Date: "15 Jun 2022 10:41:39 +0200"
Subject: "ORDER 2022GH0053"
Attachment: "PURCHASE ORDER 2022GH0053 PDF.img"

Intelligence


File Origin
# of uploads: 3
# of downloads: 205
Origin country: n/a
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: packed
Result
Verdict: MALICIOUS
Threat name: ByteCode-MSIL.Trojan.Warzonerat
Status: Malicious
First seen: 2022-06-15 04:27:18 UTC
File Type: Binary (Archive)
Extracted files: 9
AV detection: 19 of 41 (46.34%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AveMariaRAT

img 827602c84f71ea6cbe11d03522380eeff1aad9a5a9683eeedb30693397ce6ae7

(this sample)

  
Delivery method: Distributed via e-mail attachment
Dropping: AveMariaRAT
