MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e3ec61e0c6ac38b3d6d1371fa70634fa7f1b9bbefc7b2980d875982ba852ec63. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AsyncRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e3ec61e0c6ac38b3d6d1371fa70634fa7f1b9bbefc7b2980d875982ba852ec63
SHA3-384 hash: c9827fdf7d315c6d8175d027f27f2580154f9e501ea4df3b0dac792cd525c4f613d35e5eaf36550924bb748a923a7f7c
SHA1 hash: d150248fe74342c94b69fb9d1a19731cadb68522
MD5 hash: 5cc5eb847777a649da39a1b452be18eb
humanhash: kansas-equal-kansas-johnny
File name:AWB5305323204643,pdf.iso
Download: download sample
Signature AsyncRAT
Create hunting rule
File size:245'760 bytes
First seen:2020-05-20 06:54:24 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 3072:2Xd+bE8o3MBNQt6DP3tuHuvF08WkKalIWIMWsnoJZleFWKb+tRi4d3Y:2Xd+b5o3MBE5uvF08W/vM/2C7b+t84do
TLSH 23346B5631685B1BC9EC50F9449A608447B15AB711A2F3CA6CCEB1EA33D3BE7CA017C7
Reporter abuse_ch
Tags:AsyncRAT FedEx iso nVpn RAT


Avatar
abuse_ch
Malspam distributing AsyncRAT:

HELO: [193.56.28.18]
Sending IP: 193.56.28.18
From: FedEx <track@fedex.com>
Subject: FedEx's AWB#5305323204643 - Information is required
Attachment: AWB5305323204643,pdf.iso (contains "AWB#5305323204643,pdf.exe")

AsyncRAT C2:
185.244.29.203:9980

Hosted on nVpn:

% Information related to '185.244.29.0 - 185.244.29.255'

% Abuse contact for '185.244.29.0 - 185.244.29.255' is 'abuse@gerber-edv.net'

inetnum: 185.244.29.0 - 185.244.29.255
netname: GERBER-NETWORK
descr: Wonsan, Kangwon-do
descr: Choson Minjujuui Inmin Konghwaguk
country: KP
admin-c: GN5022-RIPE
tech-c: GN5022-RIPE
org: ORG-GN148-RIPE
status: SUB-ALLOCATED PA
mnt-by: GERBER-MNT
created: 2018-01-31T19:41:57Z
last-modified: 2020-04-06T22:16:40Z
source: RIPE

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-20 07:36:52 UTC
File Type:
Binary (Archive)
Extracted files:
4
AV detection:
18 of 48 (37.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=4pwgdyggvq4lhvwrg4p2obru7j7rxg567r5stagyowmcxkcs5rrq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AsyncRAT

iso e3ec61e0c6ac38b3d6d1371fa70634fa7f1b9bbefc7b2980d875982ba852ec63

(this sample)

AsyncRAT

Executable exe fba5658815c50ae760c7baf3e1bd1bc7f3f78a7bf71066c4b4502b755b35826c

  
Dropping
MD5 9be5fc19a414a94352b127af2424ac86
  
Dropping
AsyncRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 fba5658815c50ae760c7baf3e1bd1bc7f3f78a7bf71066c4b4502b755b35826c

Comments