MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 795457d15ba9fbfbeb37566059765527e896229bd7062243f5bc66bef056e23a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 795457d15ba9fbfbeb37566059765527e896229bd7062243f5bc66bef056e23a
SHA3-384 hash: 978b415af395476b3f3197e2670daf65d09c6888af2af6e4beb6064b6f30bf91c55541b1401bb09375c5beb0559942d1
SHA1 hash: d31fe82c85a52f91217ae123c5f2829ffa46189e
MD5 hash: c4fdab24038e4e494d990dcf092df002
humanhash: happy-quiet-lemon-violet
File name: Doc#66202009475352576539000.exe
Signature: AsyncRAT
File size: 1'180'160 bytes
First seen: 2020-06-18 17:22:00 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 3d95adbf13bbe79dc24dccb401c12091
ssdeep: 24576:Vtb20pkaCqT5TBWgNQ7a5Zy01SWCqXexMMgRf16A:GVg5tQ7a5ENSTFR95
TLSH: B9457C0263BEC21EC6714137E65E22015EAABD31466BBD5EEE943E3D5630263F119F32
Reporter: @abuse_ch
Tags: AsyncRAT exe
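
Before analysing a file pulled from this entry, confirm that the bytes on disk are the ones the record describes. The following script is an added example, not MalwareBazaar's own code: it recomputes the four cryptographic digests listed above (MD5, SHA1, SHA256, SHA3-384) in one pass, checks the recorded size, and checks the application/x-dosexec claim by walking the MZ stub to the PE signature. The RECORD values are copied from this entry; the fake_pe() helper builds a constructed header-only blob for testing and is not a real executable. ssdeep, TLSH and imphash are deliberately left out because they need third-party libraries.

```python
"""Check a downloaded file against a MalwareBazaar-style record.

Added example, not MalwareBazaar's own code. Recomputes the listed digests,
checks the size, and validates the MZ/PE header behind the 'exe' claim.
"""
import hashlib
import struct

# Values copied from the database entry; everything else here is illustrative.
RECORD = {
    "sha256": "795457d15ba9fbfbeb37566059765527e896229bd7062243f5bc66bef056e23a",
    "sha3_384": "978b415af395476b3f3197e2670daf65d09c6888af2af6e4beb6064b6f30bf91c55541b1401bb09375c5beb0559942d1",
    "sha1": "d31fe82c85a52f91217ae123c5f2829ffa46189e",
    "md5": "c4fdab24038e4e494d990dcf092df002",
    "size": 1180160,
    "file_type": "exe",
}

DIGESTS = ("md5", "sha1", "sha256", "sha3_384")


def digests(data: bytes) -> dict:
    """Compute every listed digest in a single pass over the data."""
    hashers = {name: hashlib.new(name) for name in DIGESTS}
    view = memoryview(data)
    chunk = 1 << 20  # 1 MiB chunks so large samples are not copied per hasher
    for off in range(0, len(view), chunk):
        for h in hashers.values():
            h.update(view[off:off + chunk])
    return {name: h.hexdigest() for name, h in hashers.items()}


def is_pe(data: bytes) -> bool:
    """True if data has an MZ stub whose e_lfanew points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return e_lfanew + 4 <= len(data) and data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def verify(data: bytes, record: dict = RECORD) -> dict:
    """Compare data against record; return ok flag, mismatch list and computed digests."""
    computed = digests(data)
    mismatches = []
    for name in DIGESTS:
        if name in record and computed[name] != record[name].lower():
            mismatches.append(f"{name}: record {record[name]} != computed {computed[name]}")
    if "size" in record and len(data) != record["size"]:
        mismatches.append(f"size: record {record['size']} != actual {len(data)}")
    if record.get("file_type") == "exe" and not is_pe(data):
        mismatches.append("file_type: record says exe but data has no MZ/PE header")
    return {"ok": not mismatches, "mismatches": mismatches, "computed": computed}


def fake_pe(size: int = 0x100) -> bytes:
    """Constructed MZ+PE header blob for testing; not a real or runnable executable."""
    buf = bytearray(size)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)  # e_lfanew -> offset 0x80
    buf[0x80:0x84] = b"PE\x00\x00"
    return bytes(buf)


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as f:
        result = verify(f.read())
    print("match" if result["ok"] else "\n".join(result["mismatches"]))
```

Run it as `python verify_sample.py <downloaded file>`; any line of output other than `match` means the file is not the one this entry describes, or the record's type claim does not hold for what was downloaded.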


Twitter (@abuse_ch):
Malspam distributing AsyncRAT:

HELO: rt.plasticmold-parts.com
Sending IP: 208.123.119.131
From: Purchase <purchase@arabico.ae>
Subject: URGENT QUOTATION - arabico company dubai
Attachment: Doc66202009475352576539000.zip (contains "Doc#66202009475352576539000.exe")
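
The tweet lists the SMTP HELO name, sending IP, From address, Subject and attachment name of the malspam run. The script below is an added example, not part of the tweet or of MalwareBazaar: it constructs a message shaped like the one described (the ZIP member is a placeholder string, not the real binary) and applies two checks a mail gateway would run against it: whether the HELO domain is related to the From domain, and whether a ZIP attachment carries an executable. The Received header layout, the mx.example.invalid host and the recipient address are assumptions made for the example.

```python
"""Triage a malspam message against the indicators quoted in the tweet.

Added example. The message, ZIP and recipient are constructed here; only the
HELO name, sending IP, From, Subject and file names come from the tweet.
"""
import email
import email.policy
import io
import re
import zipfile
from email.message import EmailMessage

# Indicators copied from the tweet; the detection logic below is this example's own.
KNOWN_HELO = "rt.plasticmold-parts.com"
KNOWN_SENDING_IP = "208.123.119.131"

# Extensions that should never arrive inside an archive from an unknown sender.
EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")

# "from <helo> (<rdns> [<ip>])" as written by a typical receiving MTA (assumed layout).
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\(.*?\[(\d{1,3}(?:\.\d{1,3}){3})\]", re.S)


def build_sample_message() -> bytes:
    """Construct an RFC 5322 message shaped like the one the tweet describes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # Placeholder content, NOT the AsyncRAT sample.
        zf.writestr("Doc#66202009475352576539000.exe", b"MZ placeholder, not the sample")
    msg = EmailMessage(policy=email.policy.default)
    msg["Received"] = (f"from {KNOWN_HELO} (unknown [{KNOWN_SENDING_IP}]) "
                       "by mx.example.invalid with ESMTP; Thu, 18 Jun 2020 17:20:00 +0000")
    msg["From"] = "Purchase <purchase@arabico.ae>"
    msg["To"] = "sales@example.invalid"
    msg["Subject"] = "URGENT QUOTATION - arabico company dubai"
    msg.set_content("Please see attached quotation request.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Doc66202009475352576539000.zip")
    return msg.as_bytes()


def triage(raw: bytes) -> dict:
    """Return the parsed envelope fields plus a list of findings for a raw message."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    findings = []

    # 1. Envelope identity vs. header identity. The topmost Received header is the
    #    one our own MX wrote, so it records the external sender's HELO and IP.
    helo, ip = None, None
    for rcvd in msg.get_all("Received", []):
        m = RECEIVED_RE.search(str(rcvd))
        if m:
            helo, ip = m.group(1).lower(), m.group(2)
            break
    from_hdr = msg["From"]
    from_domain = from_hdr.addresses[0].domain.lower() if from_hdr and from_hdr.addresses else ""
    if helo and from_domain and not (helo == from_domain or helo.endswith("." + from_domain)):
        findings.append(f"HELO {helo} does not match From domain {from_domain}")
    if ip == KNOWN_SENDING_IP:
        findings.append(f"sending IP {ip} matches known malspam source")

    # 2. Attachments: open ZIPs by magic bytes, not by filename, and list executables inside.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        if payload[:4] == b"PK\x03\x04":
            try:
                with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                    for member in zf.namelist():
                        if member.lower().endswith(EXECUTABLE_EXT):
                            findings.append(f"archive {name} contains executable {member}")
            except zipfile.BadZipFile:
                findings.append(f"attachment {name} has ZIP magic but fails to parse")
        elif name.lower().endswith(EXECUTABLE_EXT):
            findings.append(f"bare executable attachment {name}")

    return {"helo": helo, "sending_ip": ip, "from_domain": from_domain, "findings": findings}


if __name__ == "__main__":
    for line in triage(build_sample_message())["findings"]:
        print(line)
```

The HELO/From comparison is deliberately loose (same domain or a subdomain of it) so that legitimate mail relayed through a sender's own MTA does not trip it; the point is that a quotation request claiming to be from arabico.ae arrived from an MTA announcing itself as plasticmold-parts.com, which is exactly the mismatch the tweet's headers show.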

Intelligence

File Origin
# of uploads: 1
# of downloads: 40
Origin country: US

Mail intelligence
Geo location: Global
Volume: Low

Vendor Threat Intelligence
Result
Malware family: n/a
Score: 6/10
Tags: n/a
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Legitimate hosting services abused for malware hosting/C2

Yara Signatures

Rule name: win_asyncrat_j1
Author: Johannes Bader @viql
Description: detects AsyncRAT

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam: AsyncRAT, Executable exe, 795457d15ba9fbfbeb37566059765527e896229bd7062243f5bc66bef056e23a (this sample)

Delivery method: Distributed via e-mail attachment
