MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 19317da5733e40de48774b836f81b6edd83a60976ef180b6e796928399cee1c3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AsyncRAT


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 19317da5733e40de48774b836f81b6edd83a60976ef180b6e796928399cee1c3
SHA3-384 hash: a1b01dbddf44dcb52aa41b1ba336f7cb15f1ba96c0454152b7c671accb393a00fce02c2ff83a8c2bf2ac2ac56f47a362
SHA1 hash: fa942ea34e59c938d9c307a9c5054118b21fa699
MD5 hash: c867dbeca2907417d58f0bfb4de699d6
humanhash: cat-fanta-romeo-beryllium
File name:hy.ps1
Download: download sample
Signature AsyncRAT
Create hunting rule
File size:9'437'184 bytes
First seen:2024-04-25 13:10:31 UTC
Last seen:Never
File type:PowerShell (PS) ps1
MIME type:text/plain
ssdeep 24576:sEAjJLSsZ05S8PllqWR4Q4/YVwCxCpMt8JNim5irz5aRt5vQZUZMc7JS0Ccn3ban:W8RVkwoFZ0qQpynBV
TLSH T1C996AE60BF945AF9EF8D1D3E906AAB1CC7F042172D32706BFA515F01B9DA146810B26F
Reporter pr0xylife
Tags:AsyncRAT ps1

Intelligence

File Origin
# of uploads :
1
# of downloads :
139
Origin country :
DE DE
Vendor Threat Intelligence
Verdict:
Suspicious
Labled as:
VirTool/PS.Obfuscator
Link:
https://www.hybrid-analysis.com/sample/19317da5733e40de48774b836f81b6edd83a60976ef180b6e796928399cee1c3
Result
Verdict:
MALICIOUS
Result
Threat name:
AsyncRAT, DcRat, Metasploit
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1431651
Signature
Early bird code injection technique detected
Found malware configuration
Found suspicious powershell code related to unpacking or dynamic code loading
Hijacks the control flow in another process
Loading BitLocker PowerShell Module
Malicious sample detected (through community Yara rule)
Queues an APC in another process (thread injection)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Writes to foreign memory regions
Yara detected AsyncRAT
Yara detected DcRat
Yara detected MetasploitPayload
Behaviour
Behavior Graph:
Download SVG
Score:
96%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/19317da5733e40de48774b836f81b6edd83a60976ef180b6e796928399cee1c3
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/19317da5733e40de48774b836f81b6edd83a60976ef180b6e796928399cee1c3/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2024-04-25 13:12:27 UTC
File Type:
Binary
AV detection:
6 of 24 (25.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=deyx3jlthzan4sdxjobw7anw5xmduyexn3yybnxhs2jihgoo4hbq._file
Verdict:
unknown
Result
Malware family:
stealerium
Create hunting rule
Score:
  10/10
Tags:
family:asyncrat family:stealerium botnet:default collection rat stealer
Link:
https://tria.ge/reports/240425-qex5xaba4z/
Behaviour
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Looks up geolocation information via web service
Async RAT payload
AsyncRat
Stealerium
Suspicious use of NtCreateUserProcessOtherParentProcess
Malware Config
C2 Extraction:
91.92.252.234:3232
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.65
Link:
https://yomi.yoroi.company/submissions/19317da5733e40de48774b836f81b6edd83a60976ef180b6e796928399cee1c3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments