MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c7228b62b53bd17dea67408c927d32cfa21dd4027d0d01209de7abe794170e58. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AveMariaRAT


Vendor detections: 3



SHA256 hash: c7228b62b53bd17dea67408c927d32cfa21dd4027d0d01209de7abe794170e58
SHA3-384 hash: 9d4926fe61a46cd9c776f659a5aa76fe8ee252b01bf31cc2ee3758018e8cf3fe45052ce27ba9ca0d764bf5abde2a7062
SHA1 hash: fc3997ad524fd95b2d4fb7af0141fa24b6ed0682
MD5 hash: 4ca677de6540db5ac0c2dde76102cb39
humanhash: cup-georgia-east-twenty
File name: Documento relativo al carico e alla spedizione del cliente_italy2020.arj
Signature: AveMariaRAT
File size: 15'938 bytes
First seen: 2020-11-18 06:48:27 UTC
Last seen: Never
File type: arj
MIME type: application/x-rar
ssdeep: 192:dSl8egExANgl0TKMKQ9c+asaLh55ucky5xvlsICneC8zfnW9UGZqJxugPFAExJ7b:08e/lKNwJ55gy5XbWifW9UOgtBNfb+I
TLSH: A062CF9EF50FC0328042C3A492B3DC5B45D660076FAD2C8539A30BBE2E9ADCDA771C16
Reporter: cocaman
Tags: arj


cocaman
Malicious email (T1566.001)
From: ""Marco Bosetti | CODOGNOTTO Italia S.p.A" <account@atlanticnavigation.com>" (likely spoofed)
Received: "from internet.pacifik.cl (internet.pacifik.cl [190.121.26.139]) "
Date: "Wed, 18 Nov 2020 07:22:04 +0100"
Subject: "Merci pronte | CODOGNOTTO Italia S.p.A."
Attachment: "Documento relativo al carico e alla spedizione del cliente_italy2020.arj"

Intelligence


File Origin
# of uploads: 1
# of downloads: 100
Origin country: n/a
Vendor Threat Intelligence
Result
Gathering data
Threat name: ByteCode-MSIL.Trojan.Shelload
Status: Suspicious
First seen: 2020-11-18 06:49:03 UTC
File Type: Binary (Archive)
Extracted files: 1
AV detection: 23 of 47 (48.94%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AveMariaRAT

arj c7228b62b53bd17dea67408c927d32cfa21dd4027d0d01209de7abe794170e58 (this sample)

Delivery method: Distributed via e-mail attachment
