MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e71e6187fea5e61d595fc7c88431d7cf62ffd568c9665b481a3ddb9b5c44b6db. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AveMariaRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e71e6187fea5e61d595fc7c88431d7cf62ffd568c9665b481a3ddb9b5c44b6db
SHA3-384 hash: 5bab577fd418e3813dd48be4b7a9da85d3aae4fefd58fc41dc046587df83b74b132b8d753d1b3618386d6be8cdeb5824
SHA1 hash: 4cd20340fffab310a8fef2bf457386675e9cc339
MD5 hash: e0af08ccdb63837f03543fa1d3f70bc2
humanhash: salami-one-nineteen-batman
File name:purchase order 10000000648.pdf.iso
Download: download sample
Signature AveMariaRAT
Create hunting rule
File size:710'656 bytes
First seen:2020-10-26 14:51:56 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:hsvMWrWXVJnJSYFqD9C1O9thLFCVcKEFOfu:hghrWXVJJGp3LUqlGu
TLSH E3E48C423991C904E265223BC1AAE2548BF46F1115E3D227F8FF336B1F73B6AB8056D5
Reporter abuse_ch
Tags:AveMariaRAT iso nVpn RAT


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: mail0.tradetrust.pw
Sending IP: 188.166.104.170
From: "Michelle Guzman"<contact@tradetrust.pw>
Subject: Orden de compra 10000000648 (Purchase order 10000000648)
Attachment: purchase order 10000000648.pdf.iso (contains "purchase order # 10000000648.pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
49
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e71e6187fea5e61d595fc7c88431d7cf62ffd568c9665b481a3ddb9b5c44b6db/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-10-26 08:32:36 UTC
AV detection:
16 of 29 (55.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=44pgdb76uxtb2wk7y7eiimoxz5rp7vlizftfwsa2hxnzwxcew3nq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AveMariaRAT

iso e71e6187fea5e61d595fc7c88431d7cf62ffd568c9665b481a3ddb9b5c44b6db

(this sample)

AveMariaRAT

Executable exe e0c788669b7c6def678dbc272e268b5e131ff29867dd3c32d168e92c467ba721

  
Dropping
MD5 b0212efaea0144c8cb1a01a895da69c6
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e0c788669b7c6def678dbc272e268b5e131ff29867dd3c32d168e92c467ba721

Comments