MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a25384a50bece6cefbc853d787d65ab8688bca6d30da116fe16e6b1a3f6095eb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AsyncRAT


Vendor detections: 4



SHA256 hash: a25384a50bece6cefbc853d787d65ab8688bca6d30da116fe16e6b1a3f6095eb
SHA3-384 hash: d900ae6e1c169f8bf2117ba5344ab665b2a48d36d13c1c93bf491d1326113c5ecf9f347f2dcc0291cc62d30491b74de3
SHA1 hash: a26dae9e5b5e71ccb5321e28b07ae63bc2ee62ab
MD5 hash: 8912bc744f7dcea9e2defff02a15ca24
humanhash: carbon-alpha-spaghetti-three
File name: PO 45-1382020.IMG
Signature: AsyncRAT
File size: 1'245'184 bytes
First seen: 2020-08-13 12:30:10 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 6144:+S1FFkBGs5bc5tHBonRQ11OAhOBzqok5Y6Sk7nKd6YZwz+3meeKNf:+S1zkkNtheQPImYa7KZNmeeK
TLSH: CF456DA5B7C00C55DC19563988396E8261233F797FF1CA0E749A72966F732CB2A13C1E
Reporter: abuse_ch
Tags: AsyncRAT img RAT


abuse_ch
Malspam distributing AsyncRAT:

HELO: cpmx.iia.cl
Sending IP: 200.6.120.12
From: Angela <otraco@otraco.it>
Subject: PO 45-13082020-URGENTE
Attachment: PO 45-1382020.IMG (contains "PO 45-1382020,pdf.scr")

Intelligence


File Origin
# of uploads: 1
# of downloads: 59
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-08-13 12:32:06 UTC
AV detection: 13 of 28 (46.43%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AsyncRAT

img a25384a50bece6cefbc853d787d65ab8688bca6d30da116fe16e6b1a3f6095eb (this sample)

Dropping: AsyncRAT
Delivery method: Distributed via e-mail attachment
