MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2ef9705dc97fb5c320f36afdfd465da02ceccfce94e2a810aa082e81a7a1e98b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AsyncRAT

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	2ef9705dc97fb5c320f36afdfd465da02ceccfce94e2a810aa082e81a7a1e98b
SHA3-384 hash:	7a5b718890e3bcea9ec0d7a0987cda6f974e777a4153b4a62458276d21c01fc283fa965bbe4f313e428f7f6c98e9b34c
SHA1 hash:	0164a6eb84d8cad2498f1aac9ef50866fbb09447
MD5 hash:	e93241f38774a7007281b976996976f8
humanhash:	edward-alanine-avocado-jersey
File name:	FedEx Invoice 202116435.7z
Download:	download sample
Signature	AsyncRAT Create hunting rule
File size:	458'994 bytes
First seen:	2021-01-16 07:34:40 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	12288:Ehz4JLU4f3OILxFDIEVTICLdeohnectCfk5SKg/EHo7d6h:EyffOyzrV0udUB/EIp6h
TLSH	F9A42350D8F436B237034D64124BBCCD62AB29DEEB59419EDFECE1C1C3AC49AB449974
Reporter	abuse_ch
Tags:	7z AsyncRAT FedEx nVpn RAT

abuse_ch

Malspam distributing AsyncRAT:

HELO: llsk278-a17.servidoresdns.net
Sending IP: 82.223.190.9
From: FEDEX CUSTOMER CARE <barna@sarriegui.com>
Subject: [CN] [JP] [HK]: FedEx Invoice 账单 (Customer Account -XXXXXXXX-XXXXXXX)
Attachment: FedEx Invoice 202116435.7z (contains "FedEx Invoice 202116435.exe")

AsyncRAT C2:
79.134.225.45:2233