MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c9d7fe6bf3daa0710f9b1e76098c1117fbb8394dfd0545e32aa261e1c58273eb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AveMariaRAT


Vendor detections: 3



SHA256 hash: c9d7fe6bf3daa0710f9b1e76098c1117fbb8394dfd0545e32aa261e1c58273eb
SHA3-384 hash: 47b77b0f749be8e66328061baa35dc607d30609066e0ebe7512d315f24833d51c83be84232da18b5a81f6eadfa50342d
SHA1 hash: dfbdbef7c7bd2eea5cbc48317cc561d5a5cc80e1
MD5 hash: 3764dea1cba6d52a56e0ff44577c2572
humanhash: kitten-magazine-jersey-sweet
File name: purchase order.zip
Signature: AveMariaRAT
File size: 1'146'089 bytes
First seen: 2020-11-19 06:37:25 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:2iBseKytu7fttPdT5ymRzE6iqbhtbvJz5xlPxUjPtZi:t/9tu7ftddNzRzBdtNHlP6Di
TLSH: AD3533FD8E1E69D074AB0F7AAF157B2031A99C826632BAD003137584037946EFD5F53A
Reporter: abuse_ch
Tags: AveMariaRAT RAT zip


abuse_ch
Malspam distributing AveMariaRAT:

HELO: outlook.com
Sending IP: 185.144.31.108
From: Susan <susan.afzalna@sina.cn>
Reply-To: alissabruce11@outlook.com
Subject: TOP VIEW SHENZEN//REQ 00673 TOP URGENT RFQ FOB CIF
Attachment: purchase order.zip (contains "purchase order.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 83
Origin country: n/a
Vendor Threat Intelligence
Result
Gathering data
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-11-19 06:38:06 UTC
AV detection: 21 of 29 (72.41%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AveMariaRAT

zip c9d7fe6bf3daa0710f9b1e76098c1117fbb8394dfd0545e32aa261e1c58273eb (this sample)

Dropping: AveMariaRAT
Delivery method: Distributed via e-mail attachment
