MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fcb0efa3aa2fadbf33aa05b84a71129308f89fc0a2faa9cdf561b941aa321e87. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	fcb0efa3aa2fadbf33aa05b84a71129308f89fc0a2faa9cdf561b941aa321e87
SHA3-384 hash:	36e402128b5371b71d87e9734749abab7a70211e5fed3837840551066cae1468c7d9015ef161971cf3f746f9b150644f
SHA1 hash:	78682a27eca902b4e9bf7fba1ef8abf9e25905d6
MD5 hash:	e7e3701cd0b3ff58844e4e0a9f4eafba
humanhash:	nebraska-north-moon-july
File name:	SecuriteInfo.com.LuheMSILE.21546.5029
Download:	download sample
File size:	283'648 bytes
First seen:	2020-05-28 09:27:07 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	bf5a4aa99e5b160f8521cadd6bfe73b8 (432 x RedLineStealer, 31 x AgentTesla, 12 x DCRat)
ssdeep	6144:YDKW1Lgbdl0TBBvjc/OHr7vgiQlaa/vHktPPJxmNkQT81:+h1Lk70TnvjcGG7/vElikL1
Threatray	178 similar samples on MalwareBazaar
TLSH	8554DF1175D0C1B3C4BB103045E6CA7A9B3970321B6A95EBB6DD1BBA6F603E1A3361CD
Reporter	SecuriteInfoCom

Intelligence

File Origin

# of uploads :

1

# of downloads :

70

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.LuheMSILE.21546.5029.UNOFFICIAL

PUA.Win.Downloader.Aiis-6803892-0

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Wacatac

Status:

Malicious

First seen:

2020-05-28 02:23:24 UTC

File Type:

PE (Exe)

Extracted files:

1

AV detection:

27 of 31 (87.10%)

Threat level:

2/5

Verdict:

malicious

Similar samples:

09862d16ba8e513ce4cc3c98d2fc0c86247a7d42394209b3eb590ef6ddf80494

1b13660c52adcccc1cef45f137a3373f5615500a609c61a9872e5ed4336e629a

1e2773c36054c3392f3e220d4c22cce63f31750c2ee6707198e4d15648f11897

3a5943219f8400531a411b909b666337ba4f232d19e003a0128e0d699106f04f

3c90e174ff5097d991e0b99001a4e64e0c9e312df0ec03cee51380148974920e

4ae6b816ae796954dd22a01dacb47e9e76bd3facc4f20f7f8fb76e18fd20b27b

6b85fd7249ceaf4a88f71ad1becb27b9c9a17b1c1bd2cb75f25cdc7b1318785a

8b1cbfd7ebbd072782a2748d614c53c2084159ef8ccc8f11247c539923ff44a9

bd343b1b5db4f37db72ebf4abba33431c9e28fbb845e847ee1184270c8807204

e8406edde4743eec38d88fd58f2c79b11d09d76bcd57b757cdf5844ea5bd55e7

+ 168 additional samples on MalwareBazaar

Result

Malware family:

asyncrat

Score:

10/10

Tags:

family:asyncrat rat

Link:

https://tria.ge/reports/201109-hctkhs5f5j/

Behaviour

Creates scheduled task(s)

Delays execution with timeout.exe

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Legitimate hosting services abused for malware hosting/C2

Loads dropped DLL

Executes dropped EXE

Async RAT payload

AsyncRat

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe fcb0efa3aa2fadbf33aa05b84a71129308f89fc0a2faa9cdf561b941aa321e87

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/370334/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample