MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d1bbd69ef5ef5b413fb66bfdfa0a5f60351e784102b408e8cc35a7b990046be3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AveMariaRAT


Vendor detections: 4



SHA256 hash: d1bbd69ef5ef5b413fb66bfdfa0a5f60351e784102b408e8cc35a7b990046be3
SHA3-384 hash: 58ee0877c0c02b3f8b00c4539ecb3d69e7a65d293b00784fc42b88de02f14f1ba47e7c3653542a1d26d84c2327003a0b
SHA1 hash: 7f4b3748b3c39d81082dc75a8c28334e6d7f0e59
MD5 hash: 436182e94a9f2b4f1d798cbb982ed956
humanhash: carpet-spaghetti-fillet-xray
File name: 20217848858577WE.xz
Signature: AveMariaRAT
File size: 315'235 bytes
First seen: 2021-02-11 10:22:27 UTC
Last seen: Never
File type: xz
MIME type: application/x-rar
ssdeep: 6144:HarZEMZzFWSEpd6G9UdUYjlc/a9l0wAxcf7k8o7ZGhUz5/qNeEhlmJbMXmN:6rZZ1FWSEpsLXZGYf73o7QoyNeYoIA
TLSH: 7B64237CE729EB58DF4CFFE51C141A279CEC684B9958B2C1B51709F9F28C048E6B501A
Reporter: abuse_ch
Tags: AveMariaRAT Outlook RAT xz


abuse_ch
Malspam distributing AveMariaRAT:

HELO: NAM02-SN1-obe.outbound.protection.outlook.com
Sending IP: 40.92.5.41
From: LA CASA DEL BALERO <goyri67@hotmail.com>
Subject: RE: ATTACHED INVOICE WITH PAYMENT SWIFT (MT103)
Attachment: 20217848858577WE.xz (contains "20217848858577WE.exe")

AveMariaRAT C2:
185.19.85.155:9951

Intelligence


File Origin
# of uploads: 1
# of downloads: 164
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2021-02-12 04:16:41 UTC
AV detection: 11 of 48 (22.92%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AveMariaRAT

xz d1bbd69ef5ef5b413fb66bfdfa0a5f60351e784102b408e8cc35a7b990046be3 (this sample)

Dropping: AveMariaRAT
Delivery method: Distributed via e-mail attachment

Comments