MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e0bb0a2ac400b038d5054f20109ba50ac64563031534335cc59274ce7dcdc7f2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AveMariaRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e0bb0a2ac400b038d5054f20109ba50ac64563031534335cc59274ce7dcdc7f2
SHA3-384 hash: 9b406889469e79d0a7d4240ffa0774095e5b2364a8004beffb34b751d209560b67ef1f7b85de049cd4ed0f2c0e194c9f
SHA1 hash: f09c88f40abd8b443f2eb5cc6bbc5a7b204e4a7a
MD5 hash: 0e9100fcbaf00896bb805c4a7b3bd155
humanhash: earth-nine-pasta-item
File name:Payment receipt.zip
Download: download sample
Signature AveMariaRAT
Create hunting rule
File size:209'661 bytes
First seen:2020-06-19 07:15:18 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:u9HOKeLCU6LL5sMcHDNhAT/OWTahgEBE9m6V:w4r6XDcHqWWfdfV
TLSH 8624233AED24FD166A7EFA16A2F41C257F14F5F06F8590382866E4D04A853FE706881F
Reporter abuse_ch
Tags:AveMariaRAT RAT zip


Avatar
abuse_ch
Malspam distributing AveMariaRAT:

HELO: franceloc.fr
Sending IP: 104.37.172.226
From: DELTA GOLD JEWELLERY L.L.C<bastide@franceloc.fr>
Subject: Payment receipt
Attachment: Payment receipt.zip (contains "Payment receipt.exe")

AveMariaRAT C2:
104.37.172.226:5200

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.20818.ZipHeur.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.22841.ZipHeur.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.23092.ZipHeur.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.23083.ZipHeur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-06-19 07:17:02 UTC
AV detection:
6 of 48 (12.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=4c5qukweacydrvifj4qbbg5fbldekyydcu2dgxgfsj2m47ony7za._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AveMariaRAT

zip e0bb0a2ac400b038d5054f20109ba50ac64563031534335cc59274ce7dcdc7f2

(this sample)

AveMariaRAT

Executable exe c72cde3224e01da2283065c5a94d252f528c132019eb2f2656c86a7caa1006c2

  
Dropping
MD5 89b072d357697c7b8a53f2218370b976
  
Dropping
AveMariaRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c72cde3224e01da2283065c5a94d252f528c132019eb2f2656c86a7caa1006c2

Comments