MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9518aa444f3ba46ad38962fd3316456673770aa70f15e9176845bc30fd06e282. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AveMariaRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9518aa444f3ba46ad38962fd3316456673770aa70f15e9176845bc30fd06e282
SHA3-384 hash: bf8497bf54125041a7e75d80d42f32ddb681e280f42e644252eb7dd6d5d92e1b01c9f534fc05067ab81f8c604b976dba
SHA1 hash: c3cf35229e99e04e9f25e0685d00aef7b8b0ccc2
MD5 hash: 5465cb14a0e4dff80b3bde9f175bf7bf
humanhash: tango-seventeen-fourteen-edward
File name:shipping.zip
Download: download sample
Signature AveMariaRAT
Create hunting rule
File size:914'941 bytes
First seen:2020-05-13 06:21:27 UTC
Last seen:2020-05-13 06:40:45 UTC
File type: zip
MIME type:application/zip
ssdeep 24576:RqobCi4C8PFM3IMWYimzKiQQT87FM3cfAw4:RJbLIb7mzKiQQNcfv4
TLSH 2915235A480111B4F314F9E6166BC9879BEF0E8C9B4FDC1720AE535209F2FED4B69E44
Reporter abuse_ch
Tags:AveMariaRAT RAT zip


Avatar
abuse_ch
Malspam distributing AveMariaRAT:

HELO: mail.genogan.ga
Sending IP: 89.36.212.88
From: Eileen Lin <Eileen.Lin@chrobinson.com> <admin@genogan.ga>
Subject: 5/15, S/O#2117,S/光國, Booking for --LOAD#322749557
Attachment: shipping.zip (contains "WWTAN_514A4DCF600B4DB5AA488EEF66D8026C.scr")

AveMariaRAT C2:
188.72.124.143:2855

Intelligence

File Origin
# of uploads :
2
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-13 06:37:10 UTC
File Type:
Binary (Archive)
Extracted files:
590
AV detection:
27 of 48 (56.25%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=sumkurcphosgvu4jml6tgfsfmzzxocvhb4k6sf3iiw6db7ig4kba._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AveMariaRAT

zip 9518aa444f3ba46ad38962fd3316456673770aa70f15e9176845bc30fd06e282

(this sample)

AveMariaRAT

Executable exe d015c42aeec1560eb2cf33b77fab18293a23cf61a7621746bc923a9ad4cc64dd

  
Dropping
MD5 81354be34b2c4872dc497d4c909e8808
  
Dropping
AveMariaRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d015c42aeec1560eb2cf33b77fab18293a23cf61a7621746bc923a9ad4cc64dd
  
Dropping
SHA256 7646d574e07e37cc81073c21276f036cd8afdf285906bab856d34776200c245a
  
Dropping
MD5 10a354723b3f1309bdc3cfa76ca1620b

Comments