MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8b19f27bf21588184f38d43994314c03730bcf1d16c4cc5d5bd092af12f8c337. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AveMariaRAT

Vendor detections: 3
SHA256 hash: 8b19f27bf21588184f38d43994314c03730bcf1d16c4cc5d5bd092af12f8c337
SHA3-384 hash: 6070010fc09004965e8e775355ed50b93bf7d93b8065636ad6db88e5b3b0c6975a381763c03d22b5e0b0339ad2ebea22
SHA1 hash: b9ad98c1e7d4de9971df85834b98afaa91caa559
MD5 hash: 97aefdb1c9271f53acd10414ba66bc38
humanhash: juliet-kentucky-utah-oscar
File name: PURCHASE ORDER AFC of IOCL TKIS.cab
Signature: AveMariaRAT
File size: 201'564 bytes
First seen: 2020-06-29 09:01:16 UTC
Last seen: Never
File type: cab
MIME type: application/vnd.ms-cab-compressed
ssdeep: 6144:0TLkULoGlTsFFrJbGBPDZvoFuZtNFJLf73gpi:skUkGlQ0PDRZZpJr
TLSH: F0141236CBAE95018B6B98326F9189E03E52972F5B3F557A07D8E4C93FA314257031F8
Reporter: abuse_ch
Tags: AveMariaRAT cab nVpn RAT


abuse_ch
Malspam distributing AveMariaRAT:

HELO: sip2-191.nexcess.net
Sending IP: 104.207.255.152
From: Mehta, Abhijit <Abhijit.Mehta@kelvion.com>
Subject: Enquiry for Local Control Station - IOCL TKIS Project
Attachment: PURCHASE ORDER AFC of IOCL TKIS.cab (contains "PURCHASE ORDER AFC of IOCL TKIS.exe")

AveMariaRAT C2:
caebd.ddns.net:8822 (194.5.98.129)

Pointing to nVpn:

% Information related to '194.5.98.0 - 194.5.98.255'

% Abuse contact for '194.5.98.0 - 194.5.98.255' is 'abuse@inter-cloud.tech'

inetnum: 194.5.98.0 - 194.5.98.255
netname: Privacy_Online
descr: Longyearbyen, Svalbard und Jan Mayen
country: SJ
admin-c: RA9926-RIPE
tech-c: RA9926-RIPE
org: ORG-NFAS6-RIPE
status: ASSIGNED PA
mnt-by: inter-cloud-mnt
created: 2019-04-26T16:42:54Z
last-modified: 2020-03-13T23:11:55Z
source: RIPE

Intelligence


File Origin
# of uploads: 1
# of downloads: 67
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-29 09:03:04 UTC
AV detection: 26 of 48 (54.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AveMariaRAT
    cab 8b19f27bf21588184f38d43994314c03730bcf1d16c4cc5d5bd092af12f8c337 (this sample)
      Dropping: AveMariaRAT

Delivery method: Distributed via e-mail attachment