MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b202f74ecf1a8d423c2187df2d33fc765727a46b186b408394b8eccc31554203. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AsyncRAT


Vendor detections: 10


Intelligence 10 IOCs 1 YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b202f74ecf1a8d423c2187df2d33fc765727a46b186b408394b8eccc31554203
SHA3-384 hash: e9134f7d327d574a4293089bcd63ada1c5a8c0463779c56e04eb0db128b603ccfa09d236383814892cd41397fb9c4870
SHA1 hash: 881ef76170e6fe0b0c662b7c3b45ff06526c0223
MD5 hash: 4d2a92dc096d746f1e840c06745be063
humanhash: beer-speaker-avocado-cold
File name:4D2A92DC096D746F1E840C06745BE063.exe
Download: download sample
Signature AsyncRAT
Create hunting rule
File size:1'510'912 bytes
First seen:2021-07-18 13:10:32 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 6ed4f5f04d62b18d96b26d6db7c18840 (234 x SalatStealer, 78 x BitRAT, 42 x RedLineStealer)
ssdeep 24576:OJmQ3QWWrDXNmFyC2SadnEHgeJhDIZyHvoUdEdNH4Nh564YI63PJ16h0gt:OqrD9TC2SVACoUe91Jx1tg
Threatray 1'881 similar samples on MalwareBazaar
TLSH T1A76533E742019127FAACC67C7A567F3919118663A3B9B3E23CCE55175E3831ABC01C7A
Reporter abuse_ch
Tags:AsyncRAT exe RAT


Avatar
abuse_ch
AsyncRAT C2:
103.92.29.151:6100

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
103.92.29.151:6100 https://threatfox.abuse.ch/ioc/28422/

Intelligence

File Origin
# of uploads :
1
# of downloads :
169
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
4D2A92DC096D746F1E840C06745BE063.exe
Verdict:
Malicious activity
Analysis date:
2021-07-18 13:13:30 UTC
Tags:
trojan rat asyncrat
Link:
https://app.any.run/tasks/7cfee553-1113-40c1-a161-3c32b127ee23

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
BitRAT
Create hunting rule
Link:
https://www.capesandbox.com/analysis/172408/
Detection(s):
PUA.Win.Packer.Upolyx-12
Create hunting rule

Win.Malware.Mikey-9819889-0
Create hunting rule

ditekSHen.MALWARE.Win.Trojan.BitRAT.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
BitRAT
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/a4beec6f-8b37-465c-9bd9-fe436fbf8eeb
Result
Threat name:
BitRAT Xmrig
Create hunting rule
Detection:
malicious
Classification:
troj.evad.mine
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/817921
Signature
Antivirus / Scanner detection for submitted sample
Hides threads from debuggers
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected BitRAT
Yara detected Xmrig cryptocurrency miner
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b202f74ecf1a8d423c2187df2d33fc765727a46b186b408394b8eccc31554203/
Threat name:
Win32.Backdoor.ParalaxRat
Create hunting rule
Status:
Malicious
First seen:
2021-07-13 10:20:13 UTC
AV detection:
25 of 28 (89.29%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=wibpotwpdkguepbbq7ps2m74ozlspjdldbvuba4uxdwmymkviibq._file
Verdict:
malicious
Similar samples:
0ad4be883521bdd929a07a6dd7a3d475b6a59d5a94c9688cc7582075e517e834
AsyncRAT
162eb9bee8e0c7d40689403a725a41c1ae21846e6055ce5f46d6d40cdb1fbea9
AsyncRAT
19f17d84c67985de677ea0f746955f709106d8833311d3b8c9b67491d0498ff0
AsyncRAT
2d008c3033f4c5dbfe78d0ad678568b4bc06526e53b7a811fb86ca9e89a9d844
AsyncRAT
3884a46ac64617d3f1638402e99118aeeee8ea3e18bf3c6f768d43cce3267f4b
AsyncRAT
67a56ec7a3dbb37af95b762014d093cb5e47cd5579af4611a82ac0e847bea910
AsyncRAT
68e1c3cd1953f50cf97c15396e47257cedb6d67d5833ea589f1260b61638823f
AsyncRAT
7841409513d50a3f415b158310103776d996400fb9e1e13c6bc49f6b740e1645
AsyncRAT
84a40d0820ae9248a654b7d462fa3127d376792e16cf52b4621ca29add8fe0e5
AsyncRAT
a9133df8b9feede980d560c44b754298fc751da2ea00909ed2375f396ed3e813
AsyncRAT
+ 1'871 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
upx
Link:
https://tria.ge/reports/210718-7df2ne756s/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Unpacked files
SH256 hash:
9a66020a1886e46b0fcfbe309a2583e5e285e69444983bbf949059c988c4e158
MD5 hash:
68a10ab2485ec9da7b8d876e548b2bc3
SHA1 hash:
2f770e3969b14b0faea43db59c0745007d567fae
Link:
https://www.unpac.me/results/eba3b3fe-58c2-4f1c-b439-29a9d0a2e6e6/
SH256 hash:
b202f74ecf1a8d423c2187df2d33fc765727a46b186b408394b8eccc31554203
MD5 hash:
4d2a92dc096d746f1e840c06745be063
SHA1 hash:
881ef76170e6fe0b0c662b7c3b45ff06526c0223
Link:
https://www.unpac.me/results/eba3b3fe-58c2-4f1c-b439-29a9d0a2e6e6/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
AsyncRAT
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b202f74ecf1a8d423c2187df2d33fc765727a46b186b408394b8eccc31554203

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/172408/

Comments