MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f97d91041fc4c99516281771d2cde789b814a8fb8dceda5d59c40b32749d63e9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AveMariaRAT


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f97d91041fc4c99516281771d2cde789b814a8fb8dceda5d59c40b32749d63e9
SHA3-384 hash: b5e2e112c0f4526bcf69e0f169ace0f80f5aeee6825c0ae42539fd9a95828ba29f9a19d5f74ab06a8628e0774ade8ba7
SHA1 hash: 8e66469f4b1a5fa0eb31a0d83422f938b7f38459
MD5 hash: 25b16a3e550080de8f7b762994164642
humanhash: music-cold-eight-sink
File name:Order-Poland.zip
Download: download sample
Signature AveMariaRAT
Create hunting rule
File size:711'687 bytes
First seen:2020-11-28 09:18:23 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:hgyGeQ5+Bo6xUTnuDIVz+Bl579YAM4oZa4paCo01M1Z2DGodTBPB0MdVlwB+J/a:hgBeDRx0MIcXr27nLo01IqnTBJ0ilwBZ
TLSH C2E433F235BB5E54F74B0BD04201DF89BF0CA06D31512F9625CF6E8A642F206E5EAD82
Reporter abuse_ch
Tags:zip


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: portex.kylos.pl
Sending IP: 193.107.88.86
From: biuro@colver.pl
Reply-To: account@atlanticnavigation.com
Subject: Request For Quotation
Attachment: Order-Poland.zip (contains "Order-Poland.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
158
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f97d91041fc4c99516281771d2cde789b814a8fb8dceda5d59c40b32749d63e9/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-11-27 10:00:37 UTC
AV detection:
25 of 48 (52.08%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7f6zcba7ytezkfric5y5ftphrg4bjkh3rxhnuxkzyqfte5e5mpuq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AveMariaRAT

zip f97d91041fc4c99516281771d2cde789b814a8fb8dceda5d59c40b32749d63e9

(this sample)

AveMariaRAT

Executable exe 9c63d0166ebe40cb15a0754ed2902a9f076c81a0f5c7deafe74d9916d3d7a28a

  
Dropping
MD5 a3e78d050b5ed25bf34d56339e6608ed
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 9c63d0166ebe40cb15a0754ed2902a9f076c81a0f5c7deafe74d9916d3d7a28a

Comments