MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a9ea3f9a19081d484d0e98fb9edde26cc564c307f143417c684860307705097a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AsyncRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a9ea3f9a19081d484d0e98fb9edde26cc564c307f143417c684860307705097a
SHA3-384 hash: 052788f907a2ca361bba839f3738bf7a701989a9a4a692c35d60b36bed3fa864a3b3d2201e5c9ec79789f850b1cd889d
SHA1 hash: 31f2ef425aaeea88b561997849a8c2240ff5e385
MD5 hash: 10da495f3d99b1a35baafff287c94273
humanhash: ohio-victor-vegan-kilo
File name:covid19 business relief funding questionnaire.exe
Download: download sample
Signature AsyncRAT
Create hunting rule
File size:484'864 bytes
First seen:2020-04-28 21:41:13 UTC
Last seen:2020-04-28 22:48:44 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'610 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 6144:CNvvv6BB7ssNl0l0l0loADmMHQc9rS52eC+1sa5Ti:1BB7ss3eeetm0XjeCisa5G
Threatray 295 similar samples on MalwareBazaar
TLSH 6DA4C818C98F0537EFAD6376F4518D0EAEE48A63720B2F7E54C683E01A752D254C626F
Reporter nbd33
Tags:AsyncRAT COVID-19 exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
102
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.42783.9862.23795.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-28 22:35:24 UTC
File Type:
PE (.Net Exe)
Extracted files:
2
AV detection:
26 of 30 (86.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=vhvd7gqzbaouqtiotd5z5xpcntcwjqyh6fbuc7dijbqda5yfbf5a._file
Verdict:
suspicious
Similar samples:
0ed397f068e9ffac40486cc83ff5eeb06df0e2b504eb3e5bfdb2acc43c3c98f7
AsyncRAT
1d0d8c5370adf00c6dfcebcd398685e53871c2848d6241854cf338149c2bd7c3
AsyncRAT
2bb06f09556b4531015208c97a20dd3b56d6b82b2d3f49a353dc65be55da4623
AsyncRAT
6b09f1cfc05625cdd9c328e7ac8c67ade7fcc234cd0631999d8996b54c3da722
AsyncRAT
92bee9898c4a67a5fe3a209982221c240bc96627ee3fac96369eafa443bde986
AsyncRAT
9b04212fb1aeea566fe8268a73e7449addf9fc0c09dbebec6fae9cebae9834c3
AsyncRAT
b2c9554320dfb016f84d544425222acef4bf674bea6527f027c36bc56f301d80
AsyncRAT
bcf6e06fa10585d1f58a3f85a65840503b588cc7909732205b70f71fe9950def
AsyncRAT
c54b60f2101b09c68669821453bf68653d2bcc7b9030a13edd5486a387a11cab
AsyncRAT
e4edb75adeeb77973b20f4e65a287125f2a12d53e9a1ab647d5737234bcfbd70
AsyncRAT
+ 285 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AsyncRAT

Executable exe a9ea3f9a19081d484d0e98fb9edde26cc564c307f143417c684860307705097a

(this sample)

  
Delivery method
Distributed via e-mail attachment

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments