MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 314da6390de0ad75f28444ffc07d629d1388e9d00946095b8036798e6e780866. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AsyncRAT


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 314da6390de0ad75f28444ffc07d629d1388e9d00946095b8036798e6e780866
SHA3-384 hash: b2cbc39ee86305c5a781fe672c61519e5cf1755b5144fbbfcf16c76b3ebcb331923fe69db1139fcfc9175ea0fc4f6745
SHA1 hash: a714e9ab67c5933f47e7ba2ce8ef9cc739fbbe82
MD5 hash: 430a4595afb58a371baeca84f5fdad4b
humanhash: summer-mobile-salami-echo
File name:SecuriteInfo.com.Win32.AdwareX-gen.27441.8494
Download: download sample
Signature AsyncRAT
Create hunting rule
File size:201'672 bytes
First seen:2023-12-15 10:15:33 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash dcfee58a3d5f8da2a88f4ee7b3dcb6a3 (2 x AsyncRAT)
ssdeep 3072:G5u2QctfmR6pPSX65K05LfrwbHyDCO+OtCh6Rs99AjS9IW6GXDjYdFR/ujluX6g9:GqcAdwxfr1e1Ok0R09A2KW6ykjHxf73v
Threatray 4 similar samples on MalwareBazaar
TLSH T186148C0371C08472C5BF16350A758BB21B3EBDB05FA19ACFA7948D7A8F701C1A635A5B
TrID 32.2% (.EXE) Win64 Executable (generic) (10523/12/4)
20.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
15.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
13.7% (.EXE) Win32 Executable (generic) (4505/5/1)
6.2% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter SecuriteInfoCom
Tags:AsyncRAT dll signed

Code Signing Certificate

Organisation:MEDIATEK INC.
Issuer:VeriSign Class 3 Code Signing 2010 CA
Algorithm:sha1WithRSAEncryption
Valid from:2014-05-26T00:00:00Z
Valid to:2017-06-24T23:59:59Z
Serial number: 56f008e69a7c4c3feb389c66eaf58259
Intelligence: 16 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: 322be21fe24713b9a5455f96f109c0621bea49279f498619759c48a1185ddee2
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
312
Origin country :
FR FR
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/467535/
Detection(s):
SecuriteInfo.com.Win32.AdwareX-gen.27441.8494.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
control lolbin masquerade overlay packed
Link:
https://www.filescan.io/uploads/657c2763b290743934e5ba90/reports/41effb79-b048-49ad-8c3b-095106936b2c/overview
Verdict:
Malicious
Labled as:
Jaik.Generic
Link:
https://www.hybrid-analysis.com/sample/314da6390de0ad75f28444ffc07d629d1388e9d00946095b8036798e6e780866
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/ff52e61f-9f5c-4a65-8e0f-80935711f89d
Result
Threat name:
AsyncRAT, DcRat
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1362590
Signature
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
Antivirus detection for URL or domain
Contains functionality to log keystrokes (.Net Source)
Found API chain indicative of debugger detection
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Snort IDS alert for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected AsyncRAT
Yara detected DcRat
Behaviour
Behavior Graph:
Download SVG
Score:
11%
Verdict:
Benign
File Type:
PE
Link:
https://malprob.io/report/314da6390de0ad75f28444ffc07d629d1388e9d00946095b8036798e6e780866
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/314da6390de0ad75f28444ffc07d629d1388e9d00946095b8036798e6e780866/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-12-15 08:59:19 UTC
File Type:
PE (Dll)
Extracted files:
1
AV detection:
10 of 23 (43.48%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=gfg2moin4cwxl4ueit74a7lctujyr2oqbfdasw4agz4y43tybbta._file
Verdict:
malicious
Similar samples:
24c323f9be2d7476c9233e35a10dcf35d58e25b956dfdfa15e492edbb02153b8
AsyncRAT
ee04724662bb9fab4a290c3152a80880c92711f4d999cb7429d6fdee10aaeddd
AsyncRAT
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/231215-massvacabn/
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
314da6390de0ad75f28444ffc07d629d1388e9d00946095b8036798e6e780866
MD5 hash:
430a4595afb58a371baeca84f5fdad4b
SHA1 hash:
a714e9ab67c5933f47e7ba2ce8ef9cc739fbbe82
Detections:
INDICATOR_KB_CERT_56f008e69a7c4c3feb389c66eaf58259
Create hunting rule
Link:
https://www.unpac.me/results/2ea04ca0-1c03-4c55-bd90-253880ed916f/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/314da6390de0ad75f28444ffc07d629d1388e9d00946095b8036798e6e780866

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

AsyncRAT

DLL dll 314da6390de0ad75f28444ffc07d629d1388e9d00946095b8036798e6e780866

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2740599/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/467535/

Comments