MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 abf47c435677a41483b6390b005cc01939197f9ee5666c1c3f7d8b822ad36439. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: abf47c435677a41483b6390b005cc01939197f9ee5666c1c3f7d8b822ad36439
SHA3-384 hash: 343d642479f23e0bd3e5e13cf19b53ab28e3e763058b690528e86342be9ba834d8297cf42e805c0b307fe425c41f8762
SHA1 hash: c4e883de1200d7f9f6a368468658d46b6413b0d7
MD5 hash: 8e5d9c7fe0aacadca6f9861260403493
humanhash: washington-mango-delta-violet
File name:AWB#5305323204640.pdf.exe
Download: download sample
File size:193'024 bytes
First seen:2020-05-12 11:21:26 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'738 x AgentTesla, 19'597 x Formbook, 12'241 x SnakeKeylogger)
ssdeep 3072:RYhZxxeQ4oSvhKuPWvdE2ERVhmsU3TDSqlCADrw3aMTwfJuymX6HaCOyMr/Adp:RYhZwom2KhqhlCADwaduymK6Ci7AD
Threatray 565 similar samples on MalwareBazaar
TLSH FB149D17724CBE27CB9E80FF8091605483B44729B5C3F7C69CEA90EA25D57C22A85D5F
Reporter James_inthe_box
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Grp
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 07:38:00 UTC
File Type:
PE (.Net Exe)
Extracted files:
8
AV detection:
23 of 31 (74.19%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=vp2hyq2wo6sbja5whefqaxgade4rs7464vtgyhb7pwfyekwtmq4q._file
Verdict:
suspicious
Similar samples:
12e5755daaddafe1456ea2d7e8aa1731d1e6d00add4967859dc0c43bb760a920
1eee887b16c1d789c1869219de2609fbc29ef3ee0c0625f2907c71e9ba701daf
24485d2207c94aae6706df8541dc1c7a434ca8d200aecd31163e0ce70349a755
2530a6515fbfa1c1828dfe9cf174709002d10b9ae832176fc98fe5679a23bf13
66def3420ebfcf662ea2a968bed4968ed853514fb11fc15254faf20b81fcc320
89d0ab4d71e3f671f3313901eb7af21702ae556f9f6ae451f141195725f893a1
9aaf988f70bcd0e53ebb665226e48a2c72e2df70f9dcf0b92ae879ec68bb8e22
acacc7f3cc09e7a711e1f7f4f9fc6633b4c48b21f17e793ec9a91c26173c1232
b20c989115553de604a8f7f6bd58ef25920c241e1f5af881008aa4dcb21d79d1
dff01b9f8946ed3792fe4e32ae3f95834c892f16ca219dc99d78fd15064f82a2
+ 555 additional samples on MalwareBazaar
Result
Malware family:
asyncrat
Create hunting rule
Score:
  10/10
Tags:
family:asyncrat coreentity rat rezer0
Link:
https://tria.ge/reports/201109-2w1maej1qe/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Legitimate hosting services abused for malware hosting/C2
Async RAT payload
rezer0
AsyncRat
CoreEntity .NET Packer
Malware Config
C2 Extraction:
null:null
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments