MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f87f1c9734b98fc57ccd73d8144484215d28b399aa3156d3d78b4cebf46ef0e8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AveMariaRAT


Vendor detections: 3



SHA256 hash: f87f1c9734b98fc57ccd73d8144484215d28b399aa3156d3d78b4cebf46ef0e8
SHA3-384 hash: 09bd95e1ac6f082a7928fd6592c2574d06574094ca7498ec48aceedd3e6b5d69ed5f19ab2812503037571c60d17c1b8f
SHA1 hash: a6e7b24fbdc72eb399ac7a60a3723617e42a3098
MD5 hash: 5c17f8305887579e9385c3db3da12a2b
humanhash: snake-violet-failed-lima
File name: RFQ-OM-3994 - Closing Date 30.11.2020 -MEPF-PO-2020-060PDF.z
Signature: AveMariaRAT
File size: 754'228 bytes
First seen: 2020-11-07 10:23:11 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 12288:v4RNUcuX+/3/Q89tUmKRY9rk87IYIMi/IucNIH44zeAIO12yEyzkZLY6IoSrxsaD:wroOP/Q8XdNRhIn5bz9/ELmFrxB7b
TLSH: 3CF423B6807185C3B4AFE64D5715B2322089B9B61B339F324F6A9C7C1074F6A7A5FA01
Reporter: abuse_ch
Tags: AveMariaRAT z


abuse_ch
Malspam distributing unidentified malware:

HELO: bulk134.smtp.cz
Sending IP: 185.12.196.134
From: Emily & Sales <8150110@naver.com>
Subject: Product Inquiry From Apex Global South Africa.
Attachment: RFQ-OM-3994 - Closing Date 30.11.2020 - MEPF-PO-2020-060PDF.z (contains "RFQ-OM-3994 - Closing Date 30.11.2020 - MEPF-PO-2020-060PDF.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 77
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Backdoor.Remcos
Status: Malicious
First seen: 2020-11-06 23:29:41 UTC
AV detection: 21 of 29 (72.41%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AveMariaRAT

z f87f1c9734b98fc57ccd73d8144484215d28b399aa3156d3d78b4cebf46ef0e8 (this sample)

Delivery method: Distributed via e-mail attachment
