MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 44e2efbc437618b96059abef2def9d17a6034f3547ca1dbe84a5961ddfb9f6f6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AsyncRAT

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	44e2efbc437618b96059abef2def9d17a6034f3547ca1dbe84a5961ddfb9f6f6
SHA3-384 hash:	7e3466c73aa61c4273d0094f000656ec05f63e7f94c3fe928b5dcf52ab41bd4739cf53adb9e03b2aa8196f805bfe2a1e
SHA1 hash:	ad6161289a08b1eb0679b2de19a634582409d70c
MD5 hash:	f81b49472a5eb58b5d9efef3bc5a897f
humanhash:	idaho-double-washington-social
File name:	44e2efbc437618b96059abef2def9d17a6034f3547ca1dbe84a5961ddfb9f6f6.exe
Download:	download sample
Signature	AsyncRAT Create hunting rule
File size:	4'480'760 bytes
First seen:	2023-07-02 05:15:10 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	1e04625e915aa017bd658a8499c087bd (2 x AsyncRAT)
ssdeep	49152:j8XpZsms5gh/wUseMUk5Wm2umlefxRs+8QFbjMWrfdmx9ZTAp:b5gh/wz/h8aXfdmx9ZTAp
Threatray	856 similar samples on MalwareBazaar
TLSH	T14226C606B6CB4DA7DDC42FB7E8D7B2792B1CBC019B274B5B7607432894A72E04D8A750
TrID	41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 26.1% (.EXE) Win64 Executable (generic) (10523/12/4) 12.5% (.EXE) Win16 NE executable (generic) (5038/12/1) 5.1% (.ICL) Windows Icons Library (generic) (2059/9) 5.0% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter	obfusor
Tags:	AsyncRAT exe

Intelligence

File Origin

# of uploads :

1

# of downloads :

266

Origin country :

HK

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/405108/

Detection(s):

SecuriteInfo.com.FileRepMalware.17632.8189.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a custom TCP request

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/94711/overview

Behaviour

MalwareBazaar

MeasuringTime

SystemUptime

EvasionGetTickCount

EvasionQueryPerformanceCounter

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

anti-debug overlay

Link:

https://www.filescan.io/uploads/64a1081357ca5bec17017b6d/reports/a0dfa01c-b9e4-4f88-b5b2-4a19d18b43ef/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/44e2efbc437618b96059abef2def9d17a6034f3547ca1dbe84a5961ddfb9f6f6

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/99b98ecd-d692-40f3-8b03-203e768bb82d

Result

Threat name:

AsyncRAT, DcRat

Detection:

malicious

Classification:

troj

Score:

76 / 100

Link:

https://www.joesandbox.com/analysis/1264871

Signature

C2 URLs / IPs found in malware configuration

Found malware configuration

Malicious sample detected (through community Yara rule)

Yara detected AsyncRAT

Yara detected DcRat

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/44e2efbc437618b96059abef2def9d17a6034f3547ca1dbe84a5961ddfb9f6f6/

Threat name:

Win64.Trojan.Nekark

Status:

Malicious

First seen:

2023-07-02 05:16:06 UTC

File Type:

PE+ (Exe)

AV detection:

15 of 24 (62.50%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=itro7pcdoymlsyczvpxs3345c6tagtzvi7fb3pueuwlb3x5z633a._file

Verdict:

malicious

Similar samples:

1de780af93c98d924e67471d29b62e6f8f16eb641636a3f0e4fc7a6199b95b61

232b6e5b0e7e6b062b9da1d871430a2ae3fee34590fa05c6fa608b8291eff1a7

3436e23e0db4fdd4f4e6337781fc283c94d87665819970477332564538210826

4fd20682fbc3324675f319d9c2961d002ff409c3bbd4afc6e19dd7e8f2135ac9

5af7cfae0ad82f0e1d210bacf1fb6bbc9a15f0b62f88af71dbf9abf3a436ddd8

6cf0ea817a842b6b6149d1c613cf22a1dfbb729c3b8ab2f1a34e372ab66f5c65

9a81ab49c6050ff00b7833246fd4727aa43b1d8b3c095549846157784103ea24

a2429a2781600f34cc23b3dacba4ce58fbbadc90dac50ab80043601293534b95

c003da35dc32a3308a641bef3333c092d6bb2c0cb29c45a54b6bf64e0ec37232

+ 846 additional samples on MalwareBazaar

Result

Malware family:

asyncrat

Score:

10/10

Tags:

family:asyncrat botnet:default rat

Link:

https://tria.ge/reports/230702-fx5btsag25/

Behaviour

Suspicious use of AdjustPrivilegeToken

Program crash

AsyncRat

Malware Config

C2 Extraction:

7593352b2g.imdo.co:28870

Unpacked files

SH256 hash:

44e2efbc437618b96059abef2def9d17a6034f3547ca1dbe84a5961ddfb9f6f6

MD5 hash:

f81b49472a5eb58b5d9efef3bc5a897f

SHA1 hash:

ad6161289a08b1eb0679b2de19a634582409d70c

Link:

https://www.unpac.me/results/caa6a7ec-5462-4d8f-8e62-d4972e7b48e0/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

iSpy Keylogger

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/44e2efbc437618b96059abef2def9d17a6034f3547ca1dbe84a5961ddfb9f6f6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/405108/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample