MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5f0f76108593d7ecc8a5932e244c0168947b173bf24369ced9793f9a034d04c5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash: 5f0f76108593d7ecc8a5932e244c0168947b173bf24369ced9793f9a034d04c5
SHA3-384 hash: 2ac3729b27d389fe54a336f3ad42ebd175f6dbaa9921ac13ba982775764d6cd9b2f5325d3ac655fdde6681911d499f8f
SHA1 hash: c95de8b2e804171f3f2b4dde27ecde46658a3ece
MD5 hash: 9749efdaa8c5b0cc54dbec79dfdc5451
humanhash: bulldog-speaker-stream-mike
File name: Doc#662020094753525765677.exe
Signature: AsyncRAT
File size: 1'052'672 bytes
First seen: 2020-06-17 12:50:54 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 3d95adbf13bbe79dc24dccb401c12091
ssdeep: 24576:Qtb20pkaCqT5TBWgNQ7aifeSzxN79sGV6A:ZVg5tQ7aifeQh5
TLSH: 1E25AD1323DD8365C7BE5173BE15B701AEBB782506A1F4BB2FD4093CA9201215E1EA6F
Reporter: @abuse_ch
Tags: AsyncRAT, exe, nVpn, RAT

Twitter @abuse_ch:
Malspam distributing AsyncRAT:

HELO: rt.plasticmold-parts.com
Sending IP: 208.123.119.131
From: Purchase <purchase@arabico.ae>
Subject: URGENT QUOTATION - arabico company dubai
Attachment: Doc662020094753525765677.zip (contains "Doc#662020094753525765677.exe")

AsyncRAT C2:
194.5.98.98:9980

Hosted on nVpn:

% Information related to '194.5.98.0 - 194.5.98.255'

% Abuse contact for '194.5.98.0 - 194.5.98.255' is 'abuse@inter-cloud.tech'

inetnum: 194.5.98.0 - 194.5.98.255
netname: Privacy_Online
descr: Longyearbyen, Svalbard und Jan Mayen
country: SJ
admin-c: RA9926-RIPE
tech-c: RA9926-RIPE
org: ORG-NFAS6-RIPE
status: ASSIGNED PA
mnt-by: inter-cloud-mnt
created: 2019-04-26T16:42:54Z
last-modified: 2020-03-13T23:11:55Z
source: RIPE

Intelligence

File Origin
# of uploads: 1
# of downloads: 35
Origin country: FR

Mail intelligence
Geo location: Global
Volume: Low
Vendor Threat Intelligence
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Legitimate hosting services abused for malware hosting/C2
Drops startup file

Yara Signatures

Rule name: win_asyncrat_j1
Author: Johannes Bader @viql
Description: detects AsyncRAT

File information

The table below shows additional information about this malware sample such as delivery method and external references.

8b9013ebc206bc0f79c75be441511500 (AsyncRAT)
Executable exe 5f0f76108593d7ecc8a5932e244c0168947b173bf24369ced9793f9a034d04c5 (this sample)
Dropped by: MD5 8b9013ebc206bc0f79c75be441511500
Delivery method: Distributed via e-mail attachment
