MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 85607c798b0e7f46ef78f9a925843855d05f43833a46a0409715f65127a68f0a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AveMariaRAT


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 85607c798b0e7f46ef78f9a925843855d05f43833a46a0409715f65127a68f0a
SHA3-384 hash: a7aa84a2f59c579f0e6d9bb51927a25b5347559747beb00b30b610def305d973eaece249f8d9c7bf3d60f0249da1d72e
SHA1 hash: 5146653bbce22da19d3ec3a403a45a00999392dd
MD5 hash: 3a1a1b9741dee7c0e7c1dd40ee302afa
humanhash: helium-asparagus-stairway-carolina
File name:FAUJI-TS#INV57698756.pdf.zip
Download: download sample
Signature AveMariaRAT
Create hunting rule
File size:340'481 bytes
First seen:2020-08-13 04:37:22 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:b54g7y45VtWqwP+4lsnGvyo4za2Ndr7Rrux0BQhU0O54TDG/QHU75U:b5V7V5TWqw3leGvyo4zaed5xBAUr5N/+
TLSH C874235C3196D7D0ED0EA8B77C7E1FD343A0C0587E6ED127A1B6E88264279558C3239E
Reporter cocaman
Tags:AveMariaRAT zip


Avatar
cocaman
Malicious email
From: "Farhan" <farhan@compuzerve.com>
Received: from compuzerve.com (unknown [37.48.85.224])
Date: 11 Aug 2020 02:53:16 -0700
Subject: Sales Order INV495069566
Attachment: FAUJI-TS#INV57698756.pdf.zip

Intelligence

File Origin
# of uploads :
1
# of downloads :
51
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.25518.ZipHeur.Ext.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/85607c798b0e7f46ef78f9a925843855d05f43833a46a0409715f65127a68f0a/
Threat name:
ByteCode-MSIL.Backdoor.NanoCore
Create hunting rule
Status:
Malicious
First seen:
2020-08-11 00:51:33 UTC
File Type:
Binary (Archive)
Extracted files:
6
AV detection:
26 of 48 (54.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qvqhy6mlbz7un33y7guslbbykxif6q4dhjdkaqexcx3fcj5gr4fa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
NanoCore
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/85607c798b0e7f46ef78f9a925843855d05f43833a46a0409715f65127a68f0a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AveMariaRAT

zip 85607c798b0e7f46ef78f9a925843855d05f43833a46a0409715f65127a68f0a

(this sample)

AveMariaRAT

Executable exe 61079c74aff96424d4b6d794636faa4d7bfd9df2ba67a506164d4168ca6bb234

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 61079c74aff96424d4b6d794636faa4d7bfd9df2ba67a506164d4168ca6bb234

Comments