MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b1e859020f5a0e7d037b9467e1a0cb9a56ae548ef271fc7ea7c909c9e4f8bce1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AsyncRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b1e859020f5a0e7d037b9467e1a0cb9a56ae548ef271fc7ea7c909c9e4f8bce1
SHA3-384 hash: ea2ee478c12ffd3bd27c2e3879ea63561cf621e163d222fd5071e6283e34873724b525258d68a6b64ca65006d2ce9013
SHA1 hash: bd88211b2909ecd4e60f10a3e5ae772eaa509248
MD5 hash: fb4bf0b64ceda6ed01d33a2ede91622a
humanhash: ceiling-nine-cat-violet
File name:doc.iso
Download: download sample
Signature AsyncRAT
Create hunting rule
File size:413'696 bytes
First seen:2020-07-10 17:24:32 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 3072:IdsFIE4KQt3yTmcsbqfht6JuaDoOpCitFNMM:ISFMKQtHcsbuy8JO8itF
TLSH 2F94C503A9AC84BAEF39933D00050CC591F45C9D12CAB29A17BD7D3DCA3D5625E1FA6E
Reporter abuse_ch
Tags:AsyncRAT geo iso nVpn RAT SWE


Avatar
abuse_ch
Malspam distributing AsyncRAT:

HELO: dedicated.fco.pt
Sending IP: 151.236.46.67
From: PostNord AB <notices@postnord.se>
Subject: Ditt paket från Lucas har anlänt till vårt kontor.
Attachment: doc.iso (contains "doc.exe")

AsyncRAT C2 paste:
https://pastebin.com/raw/eeJq8Ku6

AsyncRAT C2:
194.5.98.8:8824

Hosted on nVpn.

% Information related to '194.5.98.0 - 194.5.98.255'

% Abuse contact for '194.5.98.0 - 194.5.98.255' is 'abuse@inter-cloud.tech'

inetnum: 194.5.98.0 - 194.5.98.255
netname: Privacy_Online
descr: Longyearbyen, Svalbard und Jan Mayen
country: SJ
admin-c: RA9926-RIPE
tech-c: RA9926-RIPE
org: ORG-NFAS6-RIPE
status: ASSIGNED PA
mnt-by: inter-cloud-mnt
created: 2019-04-26T16:42:54Z
last-modified: 2020-03-13T23:11:55Z
source: RIPE

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b1e859020f5a0e7d037b9467e1a0cb9a56ae548ef271fc7ea7c909c9e4f8bce1/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-10 00:03:13 UTC
AV detection:
15 of 29 (51.72%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=whufsaqplihh2a33srt6digltjlk4veo6jy7y7vhzee4tzhyxtqq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AsyncRAT

iso b1e859020f5a0e7d037b9467e1a0cb9a56ae548ef271fc7ea7c909c9e4f8bce1

(this sample)

AsyncRAT

Executable exe 3f28fd2c56f0bb9501f62fa64c71f6475d7cca2ee1908e097febdfc5516358ed

  
Dropping
MD5 5b73007cbdbcf1af52ca4769bcbc0f16
  
Dropping
AsyncRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 3f28fd2c56f0bb9501f62fa64c71f6475d7cca2ee1908e097febdfc5516358ed

Comments