MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5ed0863debc9d9bd28d1e1e168781e7febc48fd09603fe12a70babcd7dd3a9fd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AsyncRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5ed0863debc9d9bd28d1e1e168781e7febc48fd09603fe12a70babcd7dd3a9fd
SHA3-384 hash: 6444bbce4cf8514438b2cb8c8c78d1c3acd7cdf6406f9341ee820a30ed2915ffe33d6c310f2cae09e54f21b30506142e
SHA1 hash: 4bd32d67951a5f6191fe145e7d7184bdf271d37d
MD5 hash: a77826c364c161bd633650b7c21eaa66
humanhash: kitten-mexico-arkansas-december
File name:AWB53053232046694,pdf.zip
Download: download sample
Signature AsyncRAT
Create hunting rule
File size:128'714 bytes
First seen:2020-06-03 08:21:01 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 3072:kvFeSYJng52FSSAFjWvlxC8XBd6mruzGvL+0:+dYJnzSAvlvXBsmUGvd
TLSH A4C312C4449C51C1BC8EE077F4A09DEEE12D638B5673C3B1105796B7A4BB6BE126E03A
Reporter abuse_ch
Tags:AsyncRAT FedEx nVpn RAT zip


Avatar
abuse_ch
Malspam distributing AsyncRAT:

HELO: hwsrv-735199.hostwindsdns.com
Sending IP: 104.168.152.138
From: FedEx <chandra@eventandmoment.com>
Subject: FedEx's AWB#5305323204664 - Information is required
Attachment: AWB53053232046694,pdf.zip (contains "AWB#53053232046694,pdf.exe")

AsyncRAT C2:
185.244.29.203:9980

Hosted on nVpn:

% Information related to '185.244.29.0 - 185.244.29.255'

% Abuse contact for '185.244.29.0 - 185.244.29.255' is 'abuse@gerber-edv.net'

inetnum: 185.244.29.0 - 185.244.29.255
netname: GERBER-NETWORK
descr: Wonsan, Kangwon-do
descr: Choson Minjujuui Inmin Konghwaguk
country: KP
admin-c: GN5022-RIPE
tech-c: GN5022-RIPE
org: ORG-GN148-RIPE
status: SUB-ALLOCATED PA
mnt-by: GERBER-MNT
created: 2018-01-31T19:41:57Z
last-modified: 2020-04-06T22:16:40Z
source: RIPE

Intelligence

File Origin
# of uploads :
1
# of downloads :
54
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.26176.ZipHeur.BadExt.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 12:49:33 UTC
AV detection:
22 of 48 (45.83%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=l3iimpplzhm32kgr4hqwq6a6p7v4jd6qsyb74evhbov427otvh6q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AsyncRAT

zip 5ed0863debc9d9bd28d1e1e168781e7febc48fd09603fe12a70babcd7dd3a9fd

(this sample)

AsyncRAT

Executable exe c15c6160e13ca27b7ce41293bfd26c5528953fc569c58b971aab66116c33ade4

  
Dropping
MD5 c5d650ad0a2f6dc32aeac2617a7c788e
  
Dropping
AsyncRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c15c6160e13ca27b7ce41293bfd26c5528953fc569c58b971aab66116c33ade4

Comments