MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 132acdd518240ece3cb4da78c47bc7fc5ed8d55420084104cbc91e6022bdb833. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AsyncRAT


Vendor detections: 15


Intelligence 15 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 132acdd518240ece3cb4da78c47bc7fc5ed8d55420084104cbc91e6022bdb833
SHA3-384 hash: 977ebd801965f7a11f699fdf89ee0821ed5f2a67f02ed0dc8835ab9b26f7c9d859ad48d677c8550fd57c30777cb3bc36
SHA1 hash: 6764afeaacf798cf028e299c899f517dab288315
MD5 hash: 8be3ed1a25c8897814fb4406f67e20ab
humanhash: texas-pennsylvania-jig-item
File name:132acdd518240ece3cb4da78c47bc7fc5ed8d55420084104cbc91e6022bdb833
Download: download sample
Signature AsyncRAT
Create hunting rule
File size:433'880 bytes
First seen:2023-10-12 12:22:07 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e23c84076c2d588e1423cbfd92719fb0 (1 x AsyncRAT)
ssdeep 6144:6JMjlxapsNjrd+JWHVJfgPyOH+8tmZWeCC55Dmfm/zRU:6mksNjrd+JWHVJftOH+8tmD+6RU
Threatray 100 similar samples on MalwareBazaar
TLSH T169945C2078C18136DDF230FE46ECB571156EA8F007245AD756C80BFED6246E1BF36A6A
TrID 32.2% (.EXE) Win64 Executable (generic) (10523/12/4)
20.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
15.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
13.7% (.EXE) Win32 Executable (generic) (4505/5/1)
6.2% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon 3474d4d4d4c4cc92 (1 x AsyncRAT)
Reporter adrian__luca
Tags:AsyncRAT exe signed

Code Signing Certificate

Organisation:Amangul Bondar Rodionov CA
Issuer:Birgitte Kjersti Melisa Lundg?¥rd CA
Algorithm:sha256WithRSAEncryption
Valid from:2023-09-14T01:11:17Z
Valid to:2029-12-31T16:00:00Z
Serial number: 22e92005423972bc4ea1f050126e07df
Thumbprint Algorithm:SHA256
Thumbprint: 43393ef70a67bcfc47c4c1426e3e309ba953b65492a0a7ad786324241a955e7e
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
282
Origin country :
HU HU
Vendor Threat Intelligence
Malware family:
asyncrat
Create hunting rule
ID:
1
File name:
132acdd518240ece3cb4da78c47bc7fc5ed8d55420084104cbc91e6022bdb833
Verdict:
Malicious activity
Analysis date:
2023-10-12 12:21:33 UTC
Tags:
rat asyncrat remote
Link:
https://app.any.run/tasks/86b35918-1b3d-4908-bd13-6eaca5383cd1

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/453807/
Detection(s):
SecuriteInfo.com.BackDoor.AsyncRATNET.1.29033.22663.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
DNS request
Sending an HTTP GET request
Creating a file
Creating a file in the %AppData% subdirectories
Сreating synchronization primitives
Sending a custom TCP request
Using the Windows Management Instrumentation requests
Setting a global event handler for the keyboard
Gathering data
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
greyware overlay packed phishing redcap
Link:
https://www.filescan.io/uploads/6527e52824a904726709d187/reports/a84395ac-b0ac-405c-93ae-a6fe20cf1931/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/132acdd518240ece3cb4da78c47bc7fc5ed8d55420084104cbc91e6022bdb833
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
ModernLoader
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/0bcba699-a458-427e-8bab-78da043779a9
Result
Threat name:
AsyncRAT, DcRat
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1324656
Signature
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Contains functionality to log keystrokes (.Net Source)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Yara detected AsyncRAT
Yara detected DcRat
Behaviour
Behavior Graph:
Download SVG
Score:
84%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/132acdd518240ece3cb4da78c47bc7fc5ed8d55420084104cbc91e6022bdb833
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/132acdd518240ece3cb4da78c47bc7fc5ed8d55420084104cbc91e6022bdb833/
Threat name:
Win32.Backdoor.AsyncRAT
Create hunting rule
Status:
Malicious
First seen:
2023-09-14 23:46:19 UTC
File Type:
PE (Exe)
Extracted files:
3
AV detection:
20 of 38 (52.63%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=cmvm3viyeqhm4pfu3j4mi66h7rpnrvkueaeecbglzepgaiv5xazq._file
Verdict:
malicious
Similar samples:
188eced85124122e1465031e6536377b4283f00d24fa28626f71138a4dc06cfc
AsyncRAT
19ff6f8df881b811dc4719e6a8c2b91d94323f7f2b05cec93f5c11d0d8e61143
AsyncRAT
3a679cb98f88d7d6bd84dcfe9717238c08c05942055bdb798103224e7f2f2ca9
AsyncRAT
565f27efbfaabc879f74e800abdb63f4ad46d49b654927a551a8a6cd17be5ac1
AsyncRAT
60416198c9b2105c9204638fd00e154e2f5c32ba45f5a8ae2671bae565c062e9
AsyncRAT
8a39fbbdc6242227e330edfb6a3916058c613b0535633ac1bbbc2b0d22647b5f
AsyncRAT
b62fc62a03e4d6c0eac25a8b104d8064288fdc5665ddc19ba55ed520ab9f2827
AsyncRAT
cef2bd1b1b01dda513421bb2cee542c016b3d25103e4086f6c5684e687f48ae8
AsyncRAT
d35d61849f839f688f10bcffc545e7a008fa248b71bdc8af3b0fdd2023670690
AsyncRAT
f52211f91feb402172b2353d628d74922ec8233bffe21cb504634be39560adaf
AsyncRAT
+ 90 additional samples on MalwareBazaar
Result
Malware family:
asyncrat
Create hunting rule
Score:
  10/10
Tags:
family:asyncrat botnet:default discovery rat
Link:
https://tria.ge/reports/231012-pkgjnshh9v/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Checks installed software on the system
Async RAT payload
AsyncRat
Malware Config
C2 Extraction:
62.234.33.152:3502
Unpacked files
SH256 hash:
132acdd518240ece3cb4da78c47bc7fc5ed8d55420084104cbc91e6022bdb833
MD5 hash:
8be3ed1a25c8897814fb4406f67e20ab
SHA1 hash:
6764afeaacf798cf028e299c899f517dab288315
Link:
https://www.unpac.me/results/a30fdfa8-8777-4a49-aabe-7b13e824b4d6/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/132acdd51824/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
iSpy Keylogger
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/132acdd518240ece3cb4da78c47bc7fc5ed8d55420084104cbc91e6022bdb833

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DebuggerException__SetConsoleCtrl
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:maldoc_find_kernel32_base_method_1
Create hunting rule
Author:Didier Stevens (https://DidierStevens.com)
Rule name:PE_Digital_Certificate
Create hunting rule
Author:albertzsigovits

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/453807/

Comments