MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c84878329b2ef322933bae4c09c15c3edc12dfc021ac644e614c4fd8e108552a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AveMariaRAT


Vendor detections: 3



SHA256 hash: c84878329b2ef322933bae4c09c15c3edc12dfc021ac644e614c4fd8e108552a
SHA3-384 hash: c553167cd40dc0e93ddc3d5e256edfeb0a9cd54101a989aef4d34e90de492f0d13cbb8a2b5d72ad1da302a7d1349ed1c
SHA1 hash: 016d9111bc3dd3c18d9cebabee8a801d60203ad3
MD5 hash: eedee1c3e7a6dabb134bf205e1b56228
humanhash: pennsylvania-timing-lamp-connecticut
File name: 200814pdf.7z
Signature: AveMariaRAT
File size: 452'575 bytes
First seen: 2020-06-26 15:26:53 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:tTCXPGyai9hVdhyDkUBjwxt+1gPTdvozWxDYYR1/NqzMdhPySoEvIWQRKF3xsK:ZCfkijJyj+xoATSyYYhhPL57rFhp
TLSH: D7A42347EECCAFB321D7C75FC04F7EA38C94C6197A3D7921A389D499514A090E22BE49
Reporter: abuse_ch
Tags: 7z AveMariaRAT nVpn RAT


abuse_ch
Malspam distributing unidentified malware:

HELO: WIN-SP3ZIDQ0RNC
Sending IP: 103.149.12.155
From: Sgarbo Ltd<admin@genoeven.ml>
Subject: RE: 20F480 QUOTE
Attachment: 200814pdf.7z (contains "ORDER200814pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 96
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Delf
Status: Malicious
First seen: 2020-06-26 15:28:05 UTC
AV detection: 27 of 48 (56.25%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AveMariaRAT

zip c84878329b2ef322933bae4c09c15c3edc12dfc021ac644e614c4fd8e108552a (this sample)

Delivery method: Distributed via e-mail attachment

Comments