MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d502e98c22e63e2f18b72d29eaecc27b13aea8c0caa3acdf0c33ed5334030af9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AveMariaRAT


Vendor detections: 5



SHA256 hash: d502e98c22e63e2f18b72d29eaecc27b13aea8c0caa3acdf0c33ed5334030af9
SHA3-384 hash: a2a2f8919e4fff15fe27dd5c82e2fc521051dc85e45a6751487e997156836621739ceca79e65179c02ba5e29972db5fe
SHA1 hash: 0c66fabe36bcb60898c98473715a4ca36454ff1b
MD5 hash: 50013d844539a32e86ef9a421b3ef6cb
humanhash: island-berlin-south-finch
File name: documents_cargo.zip
Signature: AveMariaRAT
File size: 329'291 bytes
First seen: 2021-01-14 06:58:59 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:lbE0MC7H1alM4m7AF3sH8ByAUwzzoy79XCa+kxSGS+qmhg2ML9Dlk+x5uT:u0balM4OwsuyAUwzzoa+kxSGS9DlJk
TLSH: 556412461F64D0133BBB69F63F8E3D4A2FAE532C05956136E491438B118EEA83FD1E52
Reporter: abuse_ch
Tags: AveMariaRAT DHL RAT zip


abuse_ch
Malspam distributing AveMariaRAT:

HELO: divingpuglia.center
Sending IP: 172.93.187.138
From: DHL Express <segreteria@divingpuglia.center>
Reply-To: DHL Delivery <logs2@cittadini.us>
Subject: Re: DHL Shipment
Attachment: documents_cargo.zip (contains "tuesdacrypted.exe")

AveMariaRAT C2:
185.222.57.68:5200

Intelligence


File Origin
# of uploads: 1
# of downloads: 151
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Spyware.AveMaria
Status: Malicious
First seen: 2021-01-14 06:59:09 UTC
AV detection: 23 of 46 (50.00%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AveMariaRAT

zip d502e98c22e63e2f18b72d29eaecc27b13aea8c0caa3acdf0c33ed5334030af9

(this sample)

  
Dropping: AveMariaRAT
Delivery method: Distributed via e-mail attachment
