MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e5e7d1bf172a4bd9a205e718e69f0a3a567edafa7c37b15079063cf9fef9c3e8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AveMariaRAT


Vendor detections: 3



SHA256 hash: e5e7d1bf172a4bd9a205e718e69f0a3a567edafa7c37b15079063cf9fef9c3e8
SHA3-384 hash: e37615a23ebcbcf5725bc8de96bee120b91b5c0a04041667b6ad7609a994f1f129e1569ae25c18ba8f5710744f94566e
SHA1 hash: 4b285c1abfe3cfa7912bb4376cff19644042062f
MD5 hash: 497b5dc3214d9589ded7586c92824f62
humanhash: seventeen-bakerloo-ohio-music
File name: O.B.F.O - 2020.zip
Signature: AveMariaRAT
File size: 228'828 bytes
First seen: 2020-10-19 13:21:56 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:/8I0NqyXJTEG4+Bdgo1SP2d5lGFMHPYqsZmGlsnM6:/8I0Nq8JYSBv82d6FMH16cJ
TLSH: E8241397B3A723CF53DB707324B5EDAD44B180B61B3896684F4AD11A82925CD0E3CE9D
Reporter: abuse_ch
Tags: AveMariaRAT RAT zip


abuse_ch
Malspam distributing AveMariaRAT:

HELO: 193.169.253.161
Sending IP: 193.169.253.161
From: Michele Gaultier <MGaultier@fashion-office.fr>
Reply-To: <MGaultier@Groupmail.com>
Subject: Order inquiry - Baudelaire Fashion Office Paris
Attachment: O.B.F.O - 2020.zip (contains "O.B.F.O - 2020.exe")

AveMariaRAT C2:
minekroft.duckdns.org:5200 (185.32.221.45)

Intelligence


File Origin
# of uploads: 1
# of downloads: 82
Origin country: n/a
Vendor Threat Intelligence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AveMariaRAT

zip e5e7d1bf172a4bd9a205e718e69f0a3a567edafa7c37b15079063cf9fef9c3e8 (this sample)

  
Dropping: AveMariaRAT
Delivery method: Distributed via e-mail attachment
