MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fb350e956f191e61e1b6b973e5bdf0d1b50721aa3c18d380d62847c517b3ad29. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AveMariaRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fb350e956f191e61e1b6b973e5bdf0d1b50721aa3c18d380d62847c517b3ad29
SHA3-384 hash: c698c3a07ad22ac72efa96b05a368ccd6a37335862bd1f7c2bd30e48c177f7f18adfc5caf69f878ef7930607002303a2
SHA1 hash: 5b0f0d8925eaf139086dbf24ad9a9cb7ca5f6176
MD5 hash: 765ae04ee3d33e7116cc238b0bfc67e5
humanhash: helium-two-foxtrot-helium
File name:GF ISF Required Elements Worksheet v2 0 new - HL-US.zip
Download: download sample
Signature AveMariaRAT
Create hunting rule
File size:839'877 bytes
First seen:2020-05-12 08:26:30 UTC
Last seen:2020-05-12 09:35:24 UTC
File type: zip
MIME type:application/zip
ssdeep 24576:uwTLdv7g1Cv54oDSA0UdVdINmvdldpcb3akgHGncZ7b:/3dvM1i5jD8Iumvdj+DomcZn
TLSH FC05234FFBC27452C28A9EF20DB68B5EC03731E54CE6225D4A57FB66993208C953722D
Reporter abuse_ch
Tags:Loki zip


Avatar
abuse_ch
Malspam distributing Loki:

HELO: mail.genoxyl.ga
Sending IP: 94.177.240.114
From: Ariel.Hsieh@chrobinson.com <admin@genoxyl.ga>
Subject: Cut 5/22, LCL shipment - (翰聯) PO#197458 SO#J441 HBL#321777441TPE
Attachment: GF ISF Required Elements Worksheet v2 0 new - HL-US.zip (contains "HLN200422U invoice - VGM-2004228688.scr")

Loki C2:
http://evervisionicd.com/xquat/fre.php

Intelligence

File Origin
# of uploads :
2
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

SecuriteInfo.com.BehavesLike.Win32.Fareit.cc.21246.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 08:36:11 UTC
File Type:
Binary (Archive)
Extracted files:
531
AV detection:
33 of 48 (68.75%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7m2q5flpdepgdynwxfz6lppq2g2qoinkhqmnhagwfbd4kf5tvuuq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AveMariaRAT

zip fb350e956f191e61e1b6b973e5bdf0d1b50721aa3c18d380d62847c517b3ad29

(this sample)

Loki

Executable exe 3f8450e921b84377b412af35fa2fdb5649803ee724c2ef3eb3dab0060a0e4909

  
Dropping
MD5 eba7e5d5814039d500ade6a499fe63b9
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 3f8450e921b84377b412af35fa2fdb5649803ee724c2ef3eb3dab0060a0e4909
  
Dropping
SHA256 074a27ca162b894fea8bd9446e45b40e5342a07024589f3ad28e873d7fd9d8c8
  
Dropping
MD5 1aeaa3d7660586286f1de3a8cf42b6a7

Comments