MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8a3f408260e132a781cbdd5f15b455a487cf03f377d8542134b035ca37112c9c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AveMariaRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8a3f408260e132a781cbdd5f15b455a487cf03f377d8542134b035ca37112c9c
SHA3-384 hash: 79a0868997205f3c8738d818e6f89b77f4174525678a57ef64aaccfdd58751e8528c342966607dc9832c900ee640a965
SHA1 hash: a7aa24cdb4280e67446643c0bb48b9684292acf6
MD5 hash: 37672eb42883849f9a47798f78a3df6c
humanhash: india-neptune-illinois-victor
File name:Product Specifications.zip
Download: download sample
Signature AveMariaRAT
Create hunting rule
File size:437'393 bytes
First seen:2020-06-02 08:16:39 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:hdQ4jLzSycG3YGacAmloBvzQaN6DAusGlNelo:hd5XzZYGapmlQv0DDAusiey
TLSH 0694238715F151836EB9B0F78D9FA7D5612F01E716F1A88BC6653FF88E44AB9A263000
Reporter abuse_ch
Tags:AveMariaRAT RAT Yahoo zip


Avatar
abuse_ch
Malspam distributing AveMariaRAT:

HELO: sonic303-22.consmr.mail.ne1.yahoo.com
Sending IP: 66.163.188.148
From: Frank James <frankjames8173@yahoo.com>
Subject: Anhui Pavo Electric Technology Co., Ltd.
Attachment: Product Specifications.zip (contains "Product Specifications.exe")

AveMariaRAT C2:
198.46.177.102:5200

Intelligence

File Origin
# of uploads :
1
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Mbt
Create hunting rule
Status:
Malicious
First seen:
2020-06-02 08:36:35 UTC
File Type:
Binary (Archive)
Extracted files:
13
AV detection:
20 of 48 (41.67%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ri7ubata4ezkpaol3vprlncvusd46a7to7mfiijuwa24unyrfsoa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AveMariaRAT

zip 8a3f408260e132a781cbdd5f15b455a487cf03f377d8542134b035ca37112c9c

(this sample)

AveMariaRAT

Executable exe 40503a4df817599fdf0125c5b99076700718e3eb50bbb759d139aa95a8d18d59

  
Dropping
MD5 66ef5ded853bcac07ccb1842be3066b0
  
Dropping
AveMariaRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 40503a4df817599fdf0125c5b99076700718e3eb50bbb759d139aa95a8d18d59

Comments