MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cea91c1f969b744c3059034966ef066a650e295f54e108de0e50b0f6794f1087. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AsyncRAT


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cea91c1f969b744c3059034966ef066a650e295f54e108de0e50b0f6794f1087
SHA3-384 hash: dd65e2e2f63be20a2f319640b66e45052d320f538012e657486b03dc6eaeab5df0f9c7f232aa08e87a363d76eb3ab23e
SHA1 hash: 81deaebfe70744cc1010aef052077a1da91a2924
MD5 hash: 70f7005224e3f04e59a3ea998426f492
humanhash: fruit-single-low-river
File name:BL-040820.iso
Download: download sample
Signature AsyncRAT
Create hunting rule
File size:1'034'240 bytes
First seen:2020-08-04 09:29:38 UTC
Last seen:2020-08-12 07:53:54 UTC
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:6ytD8HOJrTGBuMq1V5p4wJ8hkdTq8HFKERhtLvclpP9IF:6Y8H2GBuJVJZ9FKERhtDkpP6F
TLSH AC25D883B41C8571CD355B3D48128DD442F23C5D9F8AB20637A8BD3EE9BE4525E2FA4A
Reporter abuse_ch
Tags:AsyncRAT iso nVpn RAT


Avatar
abuse_ch
Malspam distributing AsyncRAT:

From: Michela Luriani <michela.lurianl@bleuline.it >
Subject: Richiesta urgente per i prodotti allegati
Attachment: BL-040820.iso (contains "BL-040820.exe")

AsyncRAT C2s:
194.5.97.4:8824

Hosted on nVpn:

% Information related to '194.5.97.0 - 194.5.97.255'

% Abuse contact for '194.5.97.0 - 194.5.97.255' is 'abuse@kgb-vpn.org'

inetnum: 194.5.97.0 - 194.5.97.255
netname: NET-NINAZU
remarks: ------------------------------------------
remarks: * This network is used for a VPN service.
remarks: * No logs are stored in any shape or form.
remarks: ------------------------------------------
country: EU
admin-c: NVS100-RIPE
tech-c: NVS100-RIPE
org: ORG-NVS2-RIPE
mnt-by: NINAZU-MNT
status: SUB-ALLOCATED PA
created: 2018-07-23T09:31:45Z
last-modified: 2020-08-02T13:13:48Z
source: RIPE

Intelligence

File Origin
# of uploads :
2
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PWS.Stealer.29005.22383.30107.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cea91c1f969b744c3059034966ef066a650e295f54e108de0e50b0f6794f1087/
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-08-04 09:31:05 UTC
File Type:
Binary (Archive)
Extracted files:
22
AV detection:
5 of 48 (10.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=z2uryh4wtn2eymczanewn3ygnjsq4kk7ktqqrxqokcypm6kpccdq._file
Malware family:
AsyncRAT
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/cea91c1f969b/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/cea91c1f969b744c3059034966ef066a650e295f54e108de0e50b0f6794f1087

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AsyncRAT

iso cea91c1f969b744c3059034966ef066a650e295f54e108de0e50b0f6794f1087

(this sample)

AsyncRAT

Executable exe db914bd57e726ca85a49a1747e81e86c89c3548ad941727a8d6c7d8b5eafa04f

  
Dropping
MD5 1da23540408db1cbe7d2ce55b590492c
  
Dropping
AsyncRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 db914bd57e726ca85a49a1747e81e86c89c3548ad941727a8d6c7d8b5eafa04f

Comments