MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2e1bbb3f2ec007e48685961cdcb393abd52ea34ddec2284fc3836499214edaf8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AsyncRAT

Vendor detections: 3



SHA256 hash: 2e1bbb3f2ec007e48685961cdcb393abd52ea34ddec2284fc3836499214edaf8
SHA3-384 hash: 4a620ed1f040021d736cddfda1e2d30aa52330ac74aa092b9eeff14490720a002402fe8446ae27e9efa60579442430a8
SHA1 hash: afb7df45e0d538b109cc45dadc93a725669013f8
MD5 hash: bcd5a36adb5d0a9b72a76b7eb25907e9
humanhash: romeo-thirteen-jupiter-virginia
File name: 454425 new index-payment reminder.rar
Signature: AsyncRAT
File size: 235'300 bytes
First seen: 2020-06-15 13:48:07 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:cjmC8eNviUnnz1FcedeqeGjT6TCbmLvp4Zo0zfdFY5W5yIzSoIsi:KPnViKnz1Fce0qPy3pSowYI5N0V
TLSH: AE34221BFE0CBA22918D44791E100538BB8AD35979B23C8CA49D6F8AB3246747FD75DC
Reporter: abuse_ch
Tags: AsyncRAT nVpn rar RAT


abuse_ch
Malspam distributing AsyncRAT:

HELO: belgium-mep.com
Sending IP: 185.234.219.109
From: Belgium Electromechanical Works <info@belgium-mep.com>
Subject: Re: RE: new index-payment reminder
Attachment: 454425 new index-payment reminder.rar (contains "454425 new index-payment reminder.exe")

AsyncRAT C2:
194.5.98.129:5554

Hosted on nVpn:

% Information related to '194.5.98.0 - 194.5.98.255'

% Abuse contact for '194.5.98.0 - 194.5.98.255' is 'abuse@inter-cloud.tech'

inetnum: 194.5.98.0 - 194.5.98.255
netname: Privacy_Online
descr: Longyearbyen, Svalbard und Jan Mayen
country: SJ
admin-c: RA9926-RIPE
tech-c: RA9926-RIPE
org: ORG-NFAS6-RIPE
status: ASSIGNED PA
mnt-by: inter-cloud-mnt
created: 2019-04-26T16:42:54Z
last-modified: 2020-03-13T23:11:55Z
source: RIPE

Intelligence

File Origin
# of uploads: 1
# of downloads: 64
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-06-15 13:50:05 UTC
AV detection: 15 of 29 (51.72%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam: AsyncRAT
rar 2e1bbb3f2ec007e48685961cdcb393abd52ea34ddec2284fc3836499214edaf8 (this sample)
Dropping: AsyncRAT
Delivery method: Distributed via e-mail attachment

Comments