MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2f11bffd7dc8e6ef821146ebe88d0d39a30c2fb423d808da4c4cf5458c7b7031. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AsyncRAT

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	2f11bffd7dc8e6ef821146ebe88d0d39a30c2fb423d808da4c4cf5458c7b7031
SHA3-384 hash:	81fdb02187326b8a60b379a7866acb86cf700e2cb18a94269e6586f2fc4eafddecd540484c1e51c3e1ec174b7aedd6b2
SHA1 hash:	c83b455f8b303ebd09b2ad6b39bd5ee9cb63d44b
MD5 hash:	767ee95af5d596c5077a64f33a6f9720
humanhash:	saturn-kansas-butter-apart
File name:	2f11bffd7dc8e6ef821146ebe88d0d39a30c2fb423d808da4c4cf5458c7b7031
Download:	download sample
Signature	AsyncRAT Create hunting rule
File size:	10'728 bytes
First seen:	2024-09-18 07:02:00 UTC
Last seen:	2024-09-18 07:28:26 UTC
File type:	js
MIME type:	text/plain
ssdeep	192:UiDqfAls/c4Ty8Smp7EcAjOGQWwiDqfAls/c4Ty8Smp7EcAjOGQWg:UihKRTgmpocAjOG2ihKRTgmpocAjOGO
Threatray	3'194 similar samples on MalwareBazaar
TLSH	T148226B69C577452B0A17A3A172241283B86A78C0C3DDD2F0BE498F867CD1DA97D4CEF2
Magika	txt
Reporter	JAMESWT_WT
Tags:	AsyncRAT illuminazioneproduzione-it js mohfat7y-freeddns-org-7077

Intelligence

File Origin

# of uploads :

2

# of downloads :

114

Origin country :

IT

Vendor Threat Intelligence

Verdict:

Malicious

Score:

90.2%

Link:

https://cyber-fortress.com/docs/result/index.php?id=66ec740577496a3b0d6ef9ff

Tags:

n/a

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/66ea7af5d2758b8668ba812a/reports/19896561-cfd0-4f60-880c-3dc0f377773c/overview

Verdict:

Suspicious

Labled as:

TrojanDownloader/VBS.Agent

Link:

https://www.hybrid-analysis.com/sample/2f11bffd7dc8e6ef821146ebe88d0d39a30c2fb423d808da4c4cf5458c7b7031

Result

Verdict:

UNKNOWN

Result

Threat name:

n/a

Detection:

malicious

Classification:

n/a

Score:

52 / 100

Link:

https://www.joesandbox.com/analysis/1514106

Signature

Multi AV Scanner detection for submitted file

Sigma detected: WScript or CScript Dropper

Behaviour

Behavior Graph:

Score:

81%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/2f11bffd7dc8e6ef821146ebe88d0d39a30c2fb423d808da4c4cf5458c7b7031

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/2f11bffd7dc8e6ef821146ebe88d0d39a30c2fb423d808da4c4cf5458c7b7031/

Gathering data

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=f4i377l5zdto7aqri3v6rdinhgrqyl5uepmarwsmjt2uldd3oayq._file

Verdict:

malicious

Label(s):

asyncrat

Similar samples:

0269a17c1d15a00cda8161abdccc96ac446dd15379b0828463093fe4c40afc64

2976ce51d7db3d07d1140a3d49dd8f0cb7c072c5dc5053df41499e0238e68b9d

2f11bffd7dc8e6ef821146ebe88d0d39a30c2fb423d808da4c4cf5458c7b7031

46e321489e9b76e1ccbf661d8d2972efb563de4817f67a9082da5283d2389ba8

4a1d4326c45e7b93433aa2c29d3f892a80b80daa1a4338563ac25948daf14a5a

ad2315d49459ab240df61af4f6e336f310c470ec33f8bec1cb8d4fb16b48ae9d

b5d8b5335b711198a472093fa0455af5b2176dbb47a36525fbf7e5fefbbb6ad4

e2d7d2f29210d3f1f8cac37c94464ff541187a37911210c26c0f7938739bdab8

+ 3'184 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/2f11bffd7dc8e6ef821146ebe88d0d39a30c2fb423d808da4c4cf5458c7b7031

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample