MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 267d2243fe320cdb65604a5d385dc0b1405596e8874fe4262f687d9f413ebf4c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AsyncRAT


Vendor detections: 12



SHA256 hash: 267d2243fe320cdb65604a5d385dc0b1405596e8874fe4262f687d9f413ebf4c
SHA3-384 hash: f3f4e2e9e72064f820dd43f1a35d5b24275d5a64e2ec24dd24f932880004b1a6e556cd83a682f56b6b46073af12d291f
SHA1 hash: ec2c9e9f8585e50f05618b894b5ed5956be44b27
MD5 hash: bf91eb9a08fb756d420a395e0536a1c9
humanhash: carolina-apart-idaho-cold
File name: arquivo_139f442e1c964534a1f28b54ac0064e2.js
Signature AsyncRAT
File size: 58'352 bytes
First seen: 2025-08-06 09:29:35 UTC
Last seen: Never
File type: Java Script (JS) js
MIME type: text/plain
ssdeep 768:HjnTicpn1Z2qFBB1NFUgov9t0Wodcx6EgvsvxKukwuLkuwTkraYbuJu/ueIrvcHE:e
Threatray 1'727 similar samples on MalwareBazaar
TLSH T1D443211C173F1CF9FEA729379ECA38DFE08D856201E39785231A2E4E5E2B77556804A4
Magika javascript
Reporter JAMESWT_WT
Tags: AsyncRAT js shellexperiencehost-ydns-eu

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 76
Origin country: IT

Vendor Threat Intelligence

Verdict: Malicious
Score: 99.1%
Tags: obfuscate xtreme spawn

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: base64 obfuscated overlay powershell

Verdict: inconclusive
YARA: 1 match(es)

Threat name: Script-JS.Backdoor.Asyncrat
Status: Malicious
First seen: 2025-08-06 09:30:06 UTC
File Type: Text (JavaScript)
AV detection: 11 of 24 (45.83%)
Threat level: 5/5

Result
Malware family: asyncrat
Score: 10/10
Tags: family:asyncrat botnet:25jul discovery execution rat

Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious use of SetThreadContext
Checks computer location settings
Blocklisted process makes network request
Command and Scripting Interpreter: PowerShell
AsyncRat
Asyncrat family

Malware Config
C2 Extraction: shellexperiencehost.ydns.eu:9000
Dropper Extraction: https://archive.org/download/msi_20250801/MSI.png

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
