MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 043624c213f4575f22c66f72f20dd68a1126363beefd8d1c7c5c0d82a5a556ce. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AsyncRAT

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	043624c213f4575f22c66f72f20dd68a1126363beefd8d1c7c5c0d82a5a556ce
SHA3-384 hash:	65349786b0e0750de83cda773b3288ce360eacd1a4223af301ec3db378d262f700c3379616294a16646f7798401f5987
SHA1 hash:	e84453078a9a52320c6ad40f69c40bd69a668edf
MD5 hash:	de2c24477dcd21200bfc23ba4ad8e3f5
humanhash:	eight-harry-red-earth
File name:	Invoice_69611.vbs
Download:	download sample
Signature	AsyncRAT Create hunting rule
File size:	7'730 bytes
First seen:	2021-09-23 21:01:57 UTC
Last seen:	Never
File type:	vbs
MIME type:	text/plain
ssdeep	192:vxEFXNIFX0zREJXCIjX+ReEIX2IhXodN2cxVpN2cC:L
Threatray	1'481 similar samples on MalwareBazaar
TLSH	T17EF11D2EE0A3D5514769C312CB98BE2C5C1D0889CA35B95CA5F36680AF30FA46A54F7F
Reporter	abuse_ch
Tags:	AsyncRAT vbs

Intelligence

File Origin

# of uploads :

1

# of downloads :

264

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/190873/

Detection(s):

Vbs.Downloader.Agent-9893456-1

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

64 / 100

Link:

https://www.joesandbox.com/analysis/856919

Signature

Creates an undocumented autostart registry key

Sigma detected: CrackMapExec PowerShell Obfuscation

VBScript performs obfuscated calls to suspicious functions

Very long command line found

Wscript starts Powershell (via cmd or directly)

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/043624c213f4575f22c66f72f20dd68a1126363beefd8d1c7c5c0d82a5a556ce/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=aq3cjqqt6rlv6iwgn5zpedowriismnr3536y2hd4lqgyfjnfk3ha._file

Verdict:

malicious

Label(s):

asyncrat

Similar samples:

0741c36ad10f51f858eefc2e2f0879c9ef1ae90af61d766bd50ebcc67f4d5579

12f2e964639c39076f29196264c1dcbd3792eaaaa77aca14986a802a122b341b

486b4fcc5a6e4f4e949aa11aa3f2e9d8d2075ac8445617af8c41ab214f6dbfa0

51e6527daa5a10028c434c7ceaed1570ddd95e1de0eafa702f77860cec3d0b7c

70c61a7220e7df5841fded5bafa8340c388440911f8c894b35872188f300f29d

766d8e9d2d0de0a0ba2440a847e7eb7da3e69d51331e15a61ec1d25d3d92fc3e

831d7b676bb75c44df50f40798fe739cb07d4c0b1ee217a7e8fea443f7b00346

ecfaef9e7fc7c83be8beedfcbef268c3d5a91a904ed211fa553c9e9b6aaa9c42

ffec1862f56857ad722abbcb98be7af86f2cf0763371bcb40273f0d884157c32

+ 1'471 additional samples on MalwareBazaar

Result

Malware family:

asyncrat

Score:

10/10

Tags:

family:asyncrat rat

Link:

https://tria.ge/reports/210923-zvg83afbfj/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Suspicious use of SetThreadContext

Blocklisted process makes network request

Async RAT payload

AsyncRat

Malware Config

Dropper Extraction:

http://40.127.142.17/oppo.txt

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/043624c213f4/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/043624c213f4575f22c66f72f20dd68a1126363beefd8d1c7c5c0d82a5a556ce

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/190873/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample