MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c62a5559c50c7c2d7cdd81bed7864b6acc0ef0c2e9687a389d33f058fef28cfa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AsyncRAT


Vendor detections: 4



SHA256 hash: c62a5559c50c7c2d7cdd81bed7864b6acc0ef0c2e9687a389d33f058fef28cfa
SHA3-384 hash: 9397307adc62c04c35164927977f875ecf4b4d93a22823d6a584b78b9591f3d35757bf9d926e317839082a67c30398f4
SHA1 hash: c948a4fed9cd828263997bbb5fba8357a80b73d5
MD5 hash: f878101fe61568c5c68b23776ba5b478
humanhash: leopard-video-diet-london
File name: ORDER-210309.img
Signature: AsyncRAT
File size: 5'314'560 bytes
First seen: 2021-03-09 11:05:31 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 98304:n0VJ9FevYYMeBFh5iFIRv2Vb84BnvyBQPnRNJe1B+XKrbFAuacBSA:nineMeR5U84SGRNJpRua
TLSH: C5363399F1B149F1ECF7C539C862C826EF323D1F07649A97228C22D75F63B54292A385
Reporter: abuse_ch
Tags: AsyncRAT, img, RAT


abuse_ch
Malspam distributing AsyncRAT:

HELO: server1.mepclogistics.icu
Sending IP: 162.0.237.90
From: Henning Scheider <info@federated.ca>
Reply-To: info@federated.ca
Subject: BANK DETAILS FOR ATTACHED ORDER
Attachment: ORDER-210309.img (contains "ORDER-210309.exe")

AsyncRAT payload URL:
http://transfer.sh/get/sxPvF/stub.exe

AsyncRAT c2:
chongmei33.publicvm.com:2703 (46.243.221.26)

Intelligence


File Origin
# of uploads: 1
# of downloads: 272
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: MALICIOUS
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2021-03-09 07:18:57 UTC
AV detection: 8 of 47 (17.02%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AsyncRAT

img c62a5559c50c7c2d7cdd81bed7864b6acc0ef0c2e9687a389d33f058fef28cfa (this sample)

Dropping: AsyncRAT
Delivery method: Distributed via e-mail attachment
