MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bd3b7a16d6c174c31ececbbb38786da413dc5d7c6c4e90c6ef558b0db2d7ca76. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AveMariaRAT


Vendor detections: 3



SHA256 hash: bd3b7a16d6c174c31ececbbb38786da413dc5d7c6c4e90c6ef558b0db2d7ca76
SHA3-384 hash: d1c0d0c88bc166d4c985e3a527d44a281285ba684ee7b80b1acd6770ec972813566e94297b59dcf3466cd88c9fb73b6b
SHA1 hash: a574fb09c75e837180bf1b5d8225a570fd40202b
MD5 hash: 6dde925def91bd0b23ff02baeb43d0d0
humanhash: florida-cold-nevada-uncle
File name: Unchecked Invoices regarding june and remmttance with record.rar
Signature: AveMariaRAT
File size: 165'958 bytes
First seen: 2020-07-02 07:00:29 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 3072:NF8BY0tW43CZ/qEt/8+GsEAcY5gEPcGbS8ngMiQ/Med284CHUK+DPf8YtvWCOigt:EGeW4AZGsPcYHUWS8GLq+A+zrWCOigxr
TLSH: BCF323F0C9FD6C1A854BFEBFAEB9C3299931569909FAF0B072294354A4806DD2035727
Reporter: abuse_ch
Tags: AveMariaRAT rar RAT


abuse_ch
Malspam distributing AveMariaRAT:

HELO: premium99-1.web-hosting.com
Sending IP: 198.54.125.13
From: accounts@kousarfx.com
Subject: Fwd: Re: Quickbooks invoice for 7/1/2020 from victim-email
Attachment: Unchecked Invoices regarding june and remmttance with record.rar (contains "Unchecked Invoices regarding june and remmttance with record.exe")

AveMariaRAT C2:
93.190.93.50:1050

Intelligence


File Origin
# of uploads: 1
# of downloads: 83
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Spyware.AveMaria
Status: Malicious
First seen: 2020-07-02 07:02:09 UTC
AV detection: 18 of 29 (62.07%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AveMariaRAT

rar bd3b7a16d6c174c31ececbbb38786da413dc5d7c6c4e90c6ef558b0db2d7ca76 (this sample)

Dropping: AveMariaRAT
Delivery method: Distributed via e-mail attachment
