MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f4d19f033be4bb13414e7f10ca3eec7685eab414bbef57ec63b1b415d37be482. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AveMariaRAT


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f4d19f033be4bb13414e7f10ca3eec7685eab414bbef57ec63b1b415d37be482
SHA3-384 hash: f2f4e36fa0eb229e356d7612736c5d6f6eb79f9082318dd71da9b1168b39cc01c1a8c440d264c9f97f21b11d907554c2
SHA1 hash: fb3e68efa84d763f7f1f282d14fd501a8c6f65f7
MD5 hash: 657431ddafeddd753902fdc910510eac
humanhash: solar-autumn-cardinal-rugby
File name:LnkxrWO6yvd9qaJ.z
Download: download sample
Signature AveMariaRAT
Create hunting rule
File size:372'536 bytes
First seen:2021-01-15 15:48:07 UTC
Last seen:Never
File type: z
MIME type:application/x-rar
ssdeep 6144:lK5lxBvkCu1EoL2Bi5w/wteEOqtcJcipIZpd5wE6n0wpD2+mRBap2S7eWRM88:ADuKoSLotXORaU0umRQp2jWRv8
TLSH 198423F635CB76B1204878920C548588F61279CDC600E7D77E1A721BAEAE7F63E81B74
Reporter abuse_ch
Tags:AveMariaRAT RAT z


Avatar
abuse_ch
Malspam distributing AveMariaRAT:

HELO: medpex.com
Sending IP: 210.244.73.74
From: Elizabeth & Purchase <6667hs@naver.com>
Subject: RFQ from Hornet Group Australia
Attachment: LnkxrWO6yvd9qaJ.z (contains "LnkxrWO6yvd9qaJ.exe")

AveMariaRAT C2:
185.222.58.156:5200

Intelligence

File Origin
# of uploads :
1
# of downloads :
192
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f4d19f033be4bb13414e7f10ca3eec7685eab414bbef57ec63b1b415d37be482/
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=6tiz6az34s5rgqkop4imupxmo2c6vnauxpxvp3ddwg2blu334sba._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/f4d19f033be4bb13414e7f10ca3eec7685eab414bbef57ec63b1b415d37be482

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AveMariaRAT

z f4d19f033be4bb13414e7f10ca3eec7685eab414bbef57ec63b1b415d37be482

(this sample)

AveMariaRAT

Executable exe a5493fcfa116bae23b26373c6aeec273c025be4798a14a2127dc134ba0b1c8b5

  
Dropping
MD5 a9933988c3f46eef0110f5d707581e80
  
Dropping
AveMariaRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a5493fcfa116bae23b26373c6aeec273c025be4798a14a2127dc134ba0b1c8b5

Comments