MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d8a313abda31011a1b8853101c9dc5d6386fbdff2bfee01a14e8afb113cf8c0b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AveMariaRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d8a313abda31011a1b8853101c9dc5d6386fbdff2bfee01a14e8afb113cf8c0b
SHA3-384 hash: 04a2c628be30e4df47c91446ebb05a8f43d0bb9a0a9817b070db20af2cc69453ac173c32a44200235928fb371cd6bced
SHA1 hash: 504f886c731f3949b3732ce61d287415a35e9cf7
MD5 hash: 4f6b2179dc3d85df9955534f460eb0f8
humanhash: diet-fanta-edward-river
File name:Proforma Invoice No. 3470103-01.zip
Download: download sample
Signature AveMariaRAT
Create hunting rule
File size:317'652 bytes
First seen:2020-05-05 14:01:10 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:al4Gh/tTH4pH5TVsP1iqDQR+h2SU69+yWp8syjzCgdTaqoZ/xnM:O44/tTH4pwPRkR+AG+5pNyXxdFg/VM
TLSH 0F64236E231A14169E2A813A400ACF3C818490DAC3F39A7CD5BD364A7E9C89DD77F567
Reporter abuse_ch
Tags:AveMariaRAT nVpn RAT zip


Avatar
abuse_ch
Malspam distributing AveMariaRAT:

HELO: smtp009.centralserver.com.br
Sending IP: 177.101.150.19
From: Zahirul Hoque <zahirul.hoque@metalbd.biz>
Reply-To: Zahirul Hoque <zahirul.hoque@metalbd.biz>
Subject: Proforma Invoice No. 3470103-01
Attachment: Proforma Invoice No. 3470103-01.zip (contains "Proforma Invoice No. 3470103-01.exe")

AveMariaRAT C2:
lindsaystewart113.hopto.org:1128 (79.134.225.11)

Pointing to nVpn:

% Information related to '79.134.225.0 - 79.134.225.63'

% Abuse contact for '79.134.225.0 - 79.134.225.63' is 'abuse@anmaxx.net'

inetnum: 79.134.225.0 - 79.134.225.63
netname: BASEL-HOSTING-225-0
country: CH
admin-c: AM38880-RIPE
tech-c: AM38880-RIPE
status: ASSIGNED PA
mnt-by: AF15-MNT
created: 2016-04-17T00:42:52Z
last-modified: 2016-04-18T06:23:19Z
source: RIPE
remarks: abuse-c AIS166-RIPE
org: ORG-AGIS12-RIPE

Intelligence

File Origin
# of uploads :
1
# of downloads :
91
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BehavesLike.Win32.Generic.gc.11868.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-05-05 14:23:28 UTC
File Type:
Binary (Archive)
Extracted files:
2
AV detection:
18 of 48 (37.50%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=3crrhk62gearug4ikmibzhof2y4g7pp7fp7oagqu5cx3ce6prqfq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AveMariaRAT

zip d8a313abda31011a1b8853101c9dc5d6386fbdff2bfee01a14e8afb113cf8c0b

(this sample)

AveMariaRAT

Executable exe 6c08295f40c3b798331023edf5166fc3dc159f120eaf02db0991f6d682c7df13

  
Dropping
MD5 8fc5a572ef53cbd1080282faf552c390
  
Dropping
AveMariaRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 6c08295f40c3b798331023edf5166fc3dc159f120eaf02db0991f6d682c7df13

Comments