MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 be22e9f6e0ebffa73805e80df2beb388be1a2185ca21a39ae8da3ac6b92f57b6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AveMariaRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: be22e9f6e0ebffa73805e80df2beb388be1a2185ca21a39ae8da3ac6b92f57b6
SHA3-384 hash: 59a4d5f428cfee204d3a123009281972fefefca354f3d0b8a2a6ea345b4390d102a3fb923b26c1c464454df5bf9c114f
SHA1 hash: a2ac34e966c85303568a661906bc083fdc7849c1
MD5 hash: 542c9a48e81e65398d4962e14c04f8bd
humanhash: spaghetti-pip-spring-river
File name:PO 19218 - 110920 Iran.arj
Download: download sample
Signature AveMariaRAT
Create hunting rule
File size:210'136 bytes
First seen:2020-10-11 17:54:31 UTC
Last seen:Never
File type: arj
MIME type:application/x-rar
ssdeep 6144:mX1/TL4mFFJXBgyQLBte/xlUk8R74+Ws78MqwHh2m7vYtem:01/TVFjKyCBtGxlUk6Z38MFhd7vYIm
TLSH 4B24239D46C013A4F2BDF668782A31C77E3CD9B8E684580582FC6F1C8B981FC2E57162
Reporter abuse_ch
Tags:arj AveMariaRAT


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: vps.globalsproducts.es
Sending IP: 45.95.169.130
From: info@globalsproducts.net
Subject: PO 19218 - 110920 Iran
Attachment: PO 19218 - 110920 Iran.arj (contains "PO 19218 - 110920 Iran.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
102
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/be22e9f6e0ebffa73805e80df2beb388be1a2185ca21a39ae8da3ac6b92f57b6/
Threat name:
ByteCode-MSIL.Ransomware.WannaCry
Create hunting rule
Status:
Malicious
First seen:
2020-10-11 17:14:23 UTC
AV detection:
19 of 29 (65.52%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xyrot5xa5p72ooaf5ag7fpvtrc7buimfziq2hgxi3i5mnojpk63a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/be22e9f6e0ebffa73805e80df2beb388be1a2185ca21a39ae8da3ac6b92f57b6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AveMariaRAT

arj be22e9f6e0ebffa73805e80df2beb388be1a2185ca21a39ae8da3ac6b92f57b6

(this sample)

AveMariaRAT

Executable exe 6dbd3f42bf990db55372e1e01a3ddb4dbbdf3051fa01492bca882dbc023bb71a

  
Dropping
MD5 bb7611d4bf9047b605f829eedfda5eb3
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 6dbd3f42bf990db55372e1e01a3ddb4dbbdf3051fa01492bca882dbc023bb71a

Comments