MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1b613d42ccd8fe35782587bd10f517c98ef7bed1d1e629731cc9ff745faa9c67. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AsyncRAT


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1b613d42ccd8fe35782587bd10f517c98ef7bed1d1e629731cc9ff745faa9c67
SHA3-384 hash: 0018b400e2a2683db4c63b8573a8a3eb1f376c341875fdc8ce847fdbe6241aa886bcc1b6efb0251797885eace52aa367
SHA1 hash: 4660f606115d4d7031e6f46792942abb090fb1db
MD5 hash: b3e19daa9ef01f6e27bfa3ed7e8263f7
humanhash: ten-helium-lithium-friend
File name:PhM091.bat
Download: download sample
Signature AsyncRAT
Create hunting rule
File size:2'261 bytes
First seen:2026-03-18 16:25:35 UTC
Last seen:2026-03-18 16:25:52 UTC
File type:Batch (bat) bat
MIME type:text/plain
ssdeep 48:1o/BfScAObEpEu+3tj0udzokhinr2aI2TJt2jCdJ1/pHhBaJr:1o/nEGXj2khir2aI2Tv2jC1pHhEZ
Threatray 400 similar samples on MalwareBazaar
TLSH T1E04141862CD661314131D773B21441DAF99E33870F81E5CD3A82808E2F5D2D38BDE9D5
TrID 66.6% (.TXT) Text - UTF-16 (LE) encoded (2000/1)
33.3% (.MP3) MP3 audio (1000/1)
Magika batch
Reporter JAMESWT_WT
Tags:AsyncRAT bat WsgiDAV

Intelligence

File Origin
# of uploads :
2
# of downloads :
61
Origin country :
IT IT
Vendor Threat Intelligence
No detections
Malware family:
n/a
ID:
1
File name:
lnvoice24331366173.url
Verdict:
Malicious activity
Analysis date:
2026-03-17 15:52:42 UTC
Tags:
webdav auto generic
Link:
https://app.any.run/tasks/08c135aa-7347-4c62-afcb-5dcafce056ae

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/58006/
Detection(s):
Sanesecurity.Malware.BadBatObs.31934.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
81.4%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69bad22a88c80c01586bb074
Tags:
autorun dropper shell sage
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file
Creating a process from a recently created file
Creating a window
Running batch commands
Creating a process with a hidden window
Launching a process
DNS request
Connection attempt
Sending a custom TCP request
Sending an HTTP GET request
Enabling autorun by creating a file
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-vm cscript evasive explorer fingerprint lolbin obfuscated timeout wscript
Link:
https://www.filescan.io/uploads/69bad229677ac46843a69ce4/reports/c1b9d260-16bd-46a0-947a-02e4a0123ce1/overview
Verdict:
Suspicious
Labled as:
DR/SNH
Link:
https://www.hybrid-analysis.com/sample/1b613d42ccd8fe35782587bd10f517c98ef7bed1d1e629731cc9ff745faa9c67
Result
Gathering data
Verdict:
Malicious
File Type:
cmd
Detections:
Trojan.BAT.Runner.ef
Link:
https://opentip.kaspersky.com/1b613d42ccd8fe35782587bd10f517c98ef7bed1d1e629731cc9ff745faa9c67/results?tab=lookup
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1b613d42ccd8fe35782587bd10f517c98ef7bed1d1e629731cc9ff745faa9c67/
Verdict:
Malicious
Threat:
Trojan.BAT.Runner
Link:
https://tip.neiki.dev/file/1b613d42ccd8fe35782587bd10f517c98ef7bed1d1e629731cc9ff745faa9c67
Threat name:
Win32.Dropper.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-03-18 15:07:51 UTC
File Type:
Text (Batch)
AV detection:
1 of 36 (2.78%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dnqt2qwm3d7dk6bfq66rb5ixzghpppwr2htcs4y4zh7xix5ktrtq._file
Verdict:
malicious
Label(s):
donutloader
Create hunting rule
xworm
Create hunting rule
asyncrat
Create hunting rule
Similar samples:
3d2c2b0e37ad53eefda6f48d1eb87516e013501f6fd1492bb11ac5aea25793ac
AsyncRAT
502ea40b18677aae31abd50b9c645760a204c4a92b661541631fe6e215df88bf
AsyncRAT
5064aa4a8a667768fde17cf14512f06eb5ae6a8e4dc8f2b63541705563a34562
AsyncRAT
827bde9f43a79da6a622f52bf5541a535e16d4d1718e46261268d5047b29dd50
AsyncRAT
a13b83bc6a73748046889f150f3865c9299a0f660dec7f865280e7dee165c4d1
AsyncRAT
c068cc48bec2df63dd7b04434b7692535ae447275d2328b1a3e797c5652ceb3c
AsyncRAT
ea455824ada64047aba9990bfa8825e807ebbd40bf21617faf0b3460af2a8ffe
AsyncRAT
error
AsyncRAT
f14f79992777e93deb7c49c9f70a59783d51f68a53cb6399c8393998efb85198
AsyncRAT
f545d644196419b41eadae3f0846888c396284cc148c780916c0d96a07f71b40
AsyncRAT
+ 390 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
defense_evasion
Link:
https://tria.ge/reports/260318-txmnnsf15t/
Behaviour
Delays execution with timeout.exe
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Drops startup file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.23
Link:
https://yomi.yoroi.company/submissions/1b613d42ccd8fe35782587bd10f517c98ef7bed1d1e629731cc9ff745faa9c67

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/58006/

Comments