MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e21854eac3b12098cf480e88bca1d7a7669378a6a8488bacc63c3bf1f7e49d9f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AsyncRAT


Vendor detections: 3



SHA256 hash: e21854eac3b12098cf480e88bca1d7a7669378a6a8488bacc63c3bf1f7e49d9f
SHA3-384 hash: 5f11db7482710231b094726ae4f7f299c294a929f21b4a004e641d82a28ed64b19429e0b96f2ab17e277b714a1586df1
SHA1 hash: a5e8c56637eb112d17943b94b14accb0293afbd0
MD5 hash: 0b6f166d971ac4a84555f1ec0eda7a35
humanhash: missouri-juliet-vermont-carolina
File name: Payment Copy.img
Signature: AsyncRAT
File size: 565'248 bytes
First seen: 2020-12-30 08:31:57 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 6144:hOWua0ksSBps/uIeXurLh81cXO93BskbjwX2TmSAQdP:QS0k3ps/uSaSXO93B5i2TmSAQdP
TLSH: 94C49E83FAC186B1C457A57236F8BA161715EEF2312CCB111BDC7C4679626CD3A8AE13
Reporter: abuse_ch
Tags: AsyncRAT GoDaddy img RAT


abuse_ch
Malspam distributing AsyncRAT:

HELO: a2nlsmtp01-03.prod.iad2.secureserver.net
Sending IP: 198.71.225.37
From: Ali Bashir <akagroup@intouch.com>
Reply-To: akagroup@intouch.com
Subject: Fw: Bank Swift Transfer
Attachment: Payment Copy.img (contains "Payment Copy.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 301
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-12-30 08:32:11 UTC
AV detection: 5 of 48 (10.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AsyncRAT

img e21854eac3b12098cf480e88bca1d7a7669378a6a8488bacc63c3bf1f7e49d9f (this sample)

  
Dropping: AsyncRAT
Delivery method: Distributed via e-mail attachment
