MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cee5001a70a53b791a91da4e9d5a9d374e6327f72486fc4fbace5ea10931b2ba. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AveMariaRAT
Vendor detections: 4

SHA256 hash: cee5001a70a53b791a91da4e9d5a9d374e6327f72486fc4fbace5ea10931b2ba
SHA3-384 hash: c65e656d93f3ea77e09539d8a06d5b56c797ca040193c9d1392c53cd67513124331fa999656f0a6415979afcef59680f
SHA1 hash: 9bd6cc801aee31dd179942f6b93fc860cad69d58
MD5 hash: c408c96d699d5dd26a08e8fb9b080def
humanhash: oranges-king-vermont-robin
File name: LOBIQ Project Phase ii Procurement.img
Signature: AveMariaRAT
File size: 1'376'256 bytes
First seen: 2021-01-14 06:15:49 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 6144:taeZ1PfSMah0XvpQm4HzH7oa8S/kY6xJrFUL+D8p4AswQMsZVW2AAZC+Elyr3Yt9:ceZVS9hieBSbrFiM8EbZkW7Kyr3Yz
TLSH: 8F55A135A1F8C6F2D1A63938EC0BB2F85825EE50E9249C4F3DD83E497A34691F43525E
Reporter: abuse_ch
Tags: AveMariaRAT img RAT Yahoo


abuse_ch
Malspam distributing AveMariaRAT:

HELO: sonic303-4.consmr.mail.sg3.yahoo.com
Sending IP: 106.10.242.181
From: SAPLING TECHNOMATICS <saplingtechnomatics@yahoo.com>
Subject: LOBIQ Project Phase ii Procurement
Attachment: LOBIQ Project Phase ii Procurement.img (contains "LOBIQ Project Phase ii Procurement.exe")

AveMariaRAT C2:
xchilogs.duckdns.org:5893 (96.9.210.108)

Intelligence

File Origin
# of uploads: 1
# of downloads: 139
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.BestaFera
Status: Malicious
First seen: 2021-01-14 06:16:06 UTC
AV detection: 9 of 46 (19.57%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AveMariaRAT
img cee5001a70a53b791a91da4e9d5a9d374e6327f72486fc4fbace5ea10931b2ba (this sample)
Dropping: AveMariaRAT
Delivery method: Distributed via e-mail attachment
