MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 995cce7353f063e369aaa16935cf6b104cea4a258645c0537de8ed7175332c68. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AsyncRAT


Vendor detections: 4



SHA256 hash: 995cce7353f063e369aaa16935cf6b104cea4a258645c0537de8ed7175332c68
SHA3-384 hash: 650c773c53159070268421d82ce7503c398338089a44ee0917dc1ba32022c5d3658106c2b52d0a5cbd0899f3f8a4689c
SHA1 hash: 635420125140a0afa515f2d2db5381a047cf9974
MD5 hash: a29edd1591d76cf94595070b7e1d27b6
humanhash: hawaii-mike-network-asparagus
File name: Proof Of Payment.UUE
Signature: AsyncRAT
File size: 203'362 bytes
First seen: 2020-08-17 18:42:11 UTC
Last seen: Never
File type: uue
MIME type: application/vnd.ms-cab-compressed
ssdeep: 3072:ct+ErRFSxgWshfqVBARE8Xwc4wY4Er2eDyITBVbg7juY2oPwJD+BLV5/A5kqQV1w:clF6ghUAqB4EieDyITPbgWRmLHtqipG
TLSH: C1141262A8B750A9EA6A3C3E50C7D6FD42F38D9804E66D5DC48B8919D5C87C47C8C82F
Reporter: abuse_ch
Tags: AsyncRAT RAT uue


abuse_ch
Malspam distributing AsyncRAT:

HELO: beagle.centx.co.za
Sending IP: 197.81.131.51
From: Gail Robbins <admin@porcupinepress.co.za>
Subject: Proof OfPayment
Attachment: Proof Of Payment.UUE (contains "Clopyr3hMtZZbRQ.exe")

AsyncRAT C2:
sannation.duckdns.org

Intelligence


File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-08-17 18:44:05 UTC
AV detection: 19 of 28 (67.86%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AsyncRAT

uue 995cce7353f063e369aaa16935cf6b104cea4a258645c0537de8ed7175332c68

(this sample)

  
Dropping: AsyncRAT
Delivery method: Distributed via e-mail attachment
