MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e70dc8dc82bef4ec25a1f74be051c6d59c7a6bafae10132bb4599950b005e8f6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AsyncRAT


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e70dc8dc82bef4ec25a1f74be051c6d59c7a6bafae10132bb4599950b005e8f6
SHA3-384 hash: 192094f74176d30a6fbb7b3d02dd9f24d245de1364a764eb88691e9b860947e855ae36c26df74161376c538b278c038a
SHA1 hash: 33743c87d84be2f17314b56dc9a0156cae9a6e90
MD5 hash: 46e4ecacf3716502d2fb3ae672e2869b
humanhash: ten-nevada-one-mobile
File name:RFQ_GGMC-Ref 12-01-2022.rar
Download: download sample
Signature AsyncRAT
Create hunting rule
File size:472'865 bytes
First seen:2022-01-12 07:57:14 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:dC7Zgd/vfB9stLgFgwSQtLTMlTkuHXc/Ax0Vr38Y8zlmqd:gmd/R9wKgaMJjHj0VLTIpd
TLSH T1E6A423EF59C26843E4D77A855A7383129BAE94A5CE7EFF918A8B131C80CF68172D4017
Reporter cocaman
Tags:AsyncRAT rar


Avatar
cocaman
Malicious email (T1566.001)
From: "Deena<sales@glagencies.co.za>" (likely spoofed)
Received: "from hp0.ddvomni.bar (unknown [139.59.78.217]) "
Date: "Wed, 12 Jan 2022 07:51:29 +0000"
Subject: "New Order: GGMC Ref: 12-01-2022"
Attachment: "RFQ_GGMC-Ref 12-01-2022.rar"

Intelligence

File Origin
# of uploads :
1
# of downloads :
189
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e70dc8dc82bef4ec25a1f74be051c6d59c7a6bafae10132bb4599950b005e8f6/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2022-01-12 07:58:10 UTC
File Type:
Binary (Archive)
Extracted files:
3
AV detection:
12 of 43 (27.91%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=44g4rxecx32oyjnb65f6auog2wohu25pvyibgk5ulgmvbmaf5d3a._file
Result
Malware family:
asyncrat
Create hunting rule
Score:
  10/10
Tags:
family:asyncrat botnet:default rat spyware stealer suricata
Link:
https://tria.ge/reports/220112-jtt88sbgeq/
Behaviour
Creates scheduled task(s)
Delays execution with timeout.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
Async RAT payload
AsyncRat
suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
Malware Config
C2 Extraction:
89.238.150.43:5512
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e70dc8dc82bef4ec25a1f74be051c6d59c7a6bafae10132bb4599950b005e8f6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AsyncRAT

rar e70dc8dc82bef4ec25a1f74be051c6d59c7a6bafae10132bb4599950b005e8f6

(this sample)

AsyncRAT

Executable exe b586ca95ba9557f7ad2434d01f96ff191b77541670894df3b78aa3a8312ae092

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b586ca95ba9557f7ad2434d01f96ff191b77541670894df3b78aa3a8312ae092
  
Dropping
AsyncRAT

Comments