MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1bf55c75f582331db0b200e69ea81ec708abdc47ebcd1e7308fcff046dec46fd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AsyncRAT


Vendor detections: 3



SHA256 hash: 1bf55c75f582331db0b200e69ea81ec708abdc47ebcd1e7308fcff046dec46fd
SHA3-384 hash: af0c0454cd037bb8e2ef61b88ba2d84cedce7f2ce7c16d14d8f4db33c6c01b328d384f88353fe1f699eb040dcb5cd6f2
SHA1 hash: 5a7bd87ad0b80971322cf24d11b7a5e11d4c4651
MD5 hash: e7895470727996f92992b778835ed427
humanhash: north-asparagus-kitten-double
File name: AWB5305323204641,pdf.iso
Signature: AsyncRAT
File size: 301'056 bytes
First seen: 2020-05-14 06:29:12 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep 6144:TfisT3s3mh6aglLszEg5fTJhOZFSr2ChP:Tfi8s3mh6ZxG5fTsFSl
TLSH 1C544B1437BD0769E1BA8BF956A1A050CBB1761A30ADD36D6DD910CF0BD2F80C986F27
Reporter: abuse_ch
Tags: AsyncRAT FedEx iso nVpn RAT


abuse_ch
Malspam distributing AsyncRAT:

HELO: [193.56.28.18]
Sending IP: 193.56.28.18
From: FedEx <track@fedex.com>
Subject: FedEx's AWB#5305323204640 - Information is required
Attachment: AWB5305323204641,pdf.iso (contains "AWB#5305323204641,pdf.exe")

AsyncRAT C2:
185.244.29.129:9980

Hosted on nVpn:

% Information related to '185.244.29.0 - 185.244.29.255'

% Abuse contact for '185.244.29.0 - 185.244.29.255' is 'abuse@gerber-edv.net'

inetnum: 185.244.29.0 - 185.244.29.255
netname: GERBER-NETWORK
descr: Wonsan, Kangwon-do
descr: Choson Minjujuui Inmin Konghwaguk
country: KP
admin-c: GN5022-RIPE
tech-c: GN5022-RIPE
org: ORG-GN148-RIPE
status: SUB-ALLOCATED PA
mnt-by: GERBER-MNT
created: 2018-01-31T19:41:57Z
last-modified: 2020-04-06T22:16:40Z
source: RIPE

Intelligence


File Origin
# of uploads: 1
# of downloads: 77
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Agensla
Status: Malicious
First seen: 2020-05-14 06:36:57 UTC
File Type: Binary (Archive)
Extracted files: 11
AV detection: 13 of 31 (41.94%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AsyncRAT

iso 1bf55c75f582331db0b200e69ea81ec708abdc47ebcd1e7308fcff046dec46fd

(this sample)

  
Dropping: AsyncRAT
Delivery method: Distributed via e-mail attachment
