MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 62a88f196290d1726a9e851fc122e93cc91f59c1334972e5b6f33219948a4c13. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AsyncRAT


Vendor detections: 10



SHA256 hash: 62a88f196290d1726a9e851fc122e93cc91f59c1334972e5b6f33219948a4c13
SHA3-384 hash: 75a90b2fa8d938728aab55af40d9cac52c992212981758fe4e7cd530c4f92220d75e8aa29b2b7dca89f75aea4f7444f7
SHA1 hash: 086eaeebe35d37ca3db0d7eb359da4e7ab5df4df
MD5 hash: f2dcb2cb2ecfcf640eecec9b3eb57b77
humanhash: august-hamper-oklahoma-dakota
File name: UPS Critical Update.exe
Signature: AsyncRAT
File size: 349'696 bytes
First seen: 2022-05-16 20:07:40 UTC
Last seen: 2022-05-16 20:40:44 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'661 x AgentTesla, 19'474 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 6144:HxCMn4S2WinAvG/9x0vGvHOqmjX3oveWL30HZVj/myNYVFijaUROFP:0M42vo8GvHxmT3ovVk2yOV8
Threatray 12'767 similar samples on MalwareBazaar
TLSH T1CD74DF143FAC7A11DA9FDBB940A1C18442B1C18FBD23F21A2FA74CDE5D05B4996A1B37
TrID 64.2% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
11.5% (.SCR) Windows screen saver (13101/52/3)
9.2% (.EXE) Win64 Executable (generic) (10523/12/4)
5.7% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
3.9% (.EXE) Win32 Executable (generic) (4505/5/1)
dhash icon f8be92eab892d8d1 (1 x AsyncRAT)
Reporter MichaelGalde
Tags: AsyncRAT exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 255
Origin country: n/a
Vendor Threat Intelligence
Malware family:
asyncrat
ID:
1
File name:
UPS Critical Update.exe
Verdict:
Malicious activity
Analysis date:
2022-05-16 19:52:31 UTC
Tags:
trojan rat asyncrat

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating synchronization primitives
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
explorer.exe obfuscated packed replace.exe rundll32.exe shell32.dll
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
AsyncRAT
Detection:
malicious
Classification:
troj.evad
Score:
96 / 100
Signature
C2 URLs / IPs found in malware configuration
Found malware configuration
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AntiVM3
Yara detected AsyncRAT
Yara detected Generic Downloader
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Status:
Malicious
First seen:
2022-05-16 20:08:06 UTC
File Type:
PE (.Net Exe)
Extracted files:
6
AV detection:
23 of 41 (56.10%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Unpacked files

SHA256 hash: 8b9a83ee40b0e23e168dd22eaff506247fc6523a301b9836116b68d533c773bf
MD5 hash: 91fc23324a12efcd6291b6b95e6b928e
SHA1 hash: 4fa6f9a3c25bce9eb2c62f459ba57cbc3db80f66

SHA256 hash: 79823e47436e129def4fba8ee225347a05b7bb27477fb1cc8be6dc9e9ce75696
MD5 hash: 39f524c1ab0eb76dfd79b2852e5e8c39
SHA1 hash: 428018e1701006744e34480b0029982a76d8a57d

SHA256 hash: e2eb9985f4993277a9241a21abe483d911e6501ccc1f1269d30bb1f93d270359
MD5 hash: a4824ae73bc24aaff7a6fd5df2b00738
SHA1 hash: 0cf5876d852c943fe06508485d06f5bde2ae0701

SHA256 hash: 62a88f196290d1726a9e851fc122e93cc91f59c1334972e5b6f33219948a4c13 (this sample)
MD5 hash: f2dcb2cb2ecfcf640eecec9b3eb57b77
SHA1 hash: 086eaeebe35d37ca3db0d7eb359da4e7ab5df4df
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: pe_imphash

Rule name: Skystars_Malware_Imphash
Author: Skystars LightDefender
Description: imphash
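The imphash line in the entry above and both YARA hits in this section key on the same value, f34d5f2d4577ed6d9ceec516c1f5a744, and the entry itself shows it is shared with tens of thousands of AgentTesla, Formbook and SnakeKeylogger samples. The reason is structural: a managed (.NET) executable imports exactly one native symbol, mscoree.dll!_CorExeMain, so every such binary hashes alike regardless of family. The following is an added example, not MalwareBazaar, YARAhub or pefile code; it reimplements the imphash normalisation (the one pefile's get_imphash uses) over constructed import tables, so you can see the collision and decide when the value is worth pivoting on. The import tables are constructed for illustration, not extracted from this sample, and the handling of ordinal imports is a simplification (pefile first resolves ordinals of a few well-known DLLs to names; here every ordinal becomes "ordN").

```python
import hashlib

# Added example, not MalwareBazaar or YARAhub code. Reimplements the imphash
# algorithm (same normalisation as pefile.PE.get_imphash) on constructed import
# tables, to show why the imphash on this entry is a weak pivot for a .NET RAT.

PAGE_IMPHASH = "f34d5f2d4577ed6d9ceec516c1f5a744"   # value shown on this entry
STRIPPED_EXTENSIONS = ("ocx", "sys", "dll")         # pefile strips only these


def imphash(imports):
    """imphash of an import table given as [(dll_name, func_name_or_ordinal), ...].

    Normalisation: DLL names are lower-cased and lose a .dll/.ocx/.sys suffix,
    function names are lower-cased, entries are joined as "dll.func" with commas
    in table order (order matters), and the joined string is MD5-hashed.
    """
    entries = []
    for dll, func in imports:
        lib = dll.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in STRIPPED_EXTENSIONS:
            lib = base
        if isinstance(func, int):
            # Simplification (assumption): pefile first resolves ordinals of a
            # few well-known DLLs to names; here every ordinal becomes "ordN".
            name = f"ord{func}"
        else:
            name = func.lower()
        entries.append(f"{lib}.{name}")
    return hashlib.md5(",".join(entries).encode("ascii")).hexdigest()


# Constructed import tables (illustrative, not extracted from this sample).
DOTNET_EXE_IMPORTS = [("mscoree.dll", "_CorExeMain")]   # what every managed .exe imports
NATIVE_A_IMPORTS = [("KERNEL32.dll", "CreateFileA"), ("KERNEL32.dll", "WriteFile")]
NATIVE_B_IMPORTS = [("KERNEL32.dll", "WriteFile"), ("KERNEL32.dll", "CreateFileA")]


def matches_page_imphash(imports):
    """True when an import table hashes to the imphash shown on this entry."""
    return imphash(imports) == PAGE_IMPHASH


def is_family_specific(family_counts, family, min_share=0.5):
    """Triage helper: treat an imphash as a pivot for `family` only when that
    family accounts for at least `min_share` of the samples carrying it.
    `family_counts` is {family_name: sample_count} as MalwareBazaar lists it."""
    total = sum(family_counts.values())
    return total > 0 and family_counts.get(family, 0) / total >= min_share


if __name__ == "__main__":
    print(imphash(DOTNET_EXE_IMPORTS), matches_page_imphash(DOTNET_EXE_IMPORTS))
    print(imphash(NATIVE_A_IMPORTS) != imphash(NATIVE_B_IMPORTS))   # order-sensitive
    # Top-three breakdown quoted on this entry; AsyncRAT is not among them.
    counts = {"AgentTesla": 48661, "Formbook": 19474, "SnakeKeylogger": 12208}
    print(is_family_specific(counts, "AsyncRAT"))
```

Because the managed entry point is the only native import, the imphash identifies "a .NET executable" and nothing more; the same is true of the imphash-based YARA rules listed here. For an AsyncRAT sample, pivot on the family YARA hit, the extracted C2 configuration, or the ssdeep/TLSH values shown above, and keep imphash for native binaries where the import table actually reflects the toolchain and functionality.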

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Sample: AsyncRAT, Executable exe 62a88f196290d1726a9e851fc122e93cc91f59c1334972e5b6f33219948a4c13 (this sample)
Delivery method: Distributed via e-mail attachment
