MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 39283c84beb4add2e762b1277d9d2095ca8added7aa5c10cccecbff92a0b9b91. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AsyncRAT

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	39283c84beb4add2e762b1277d9d2095ca8added7aa5c10cccecbff92a0b9b91
SHA3-384 hash:	edb6298308f55487ab10d0dba4fbde71cea8ee49a72d3238c9a6bb44e0d2fa427fae300ffed8e63a9dde09481eefa30e
SHA1 hash:	ca2cb837e1440b5665d564c563d9216de4638578
MD5 hash:	2eeb3fe2528198d90060690e2b2fc2cc
humanhash:	tennis-fish-illinois-fourteen
File name:	39283c84beb4add2e762b1277d9d2095ca8added7aa5c10cccecbff92a0b9b91.ps1
Download:	download sample
Signature	AsyncRAT Create hunting rule
File size:	121 bytes
First seen:	2025-08-08 10:28:15 UTC
Last seen:	Never
File type:	ps1
MIME type:	text/plain
ssdeep	3:fd9HCR2EYtXiW8+zicU0dWIpT7ceEX6MFIKgJ:fdhCtYtSomcU0MIpT7yX6MFIzJ
Threatray	403 similar samples on MalwareBazaar
TLSH	T1FEB04CE40568003665DCD65612BA8A579450E455899A96586960C4515150265A342624
Magika	powershell
Reporter	JAMESWT_WT
Tags:	AsyncRAT bknxmf-com ps1

Intelligence

File Origin

# of uploads :

1

# of downloads :

63

Origin country :

IT

Vendor Threat Intelligence

Verdict:

Malicious

Score:

92.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6895ba7811d7f9b979e67c0b

Tags:

autorun emotet

Verdict:

Malicious

Labled as:

BZC.PZQ.Nioc.14

Link:

https://www.hybrid-analysis.com/sample/39283c84beb4add2e762b1277d9d2095ca8added7aa5c10cccecbff92a0b9b91

Score:

13%

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/39283c84beb4add2e762b1277d9d2095ca8added7aa5c10cccecbff92a0b9b91

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/39283c84beb4add2e762b1277d9d2095ca8added7aa5c10cccecbff92a0b9b91/

Verdict:

Malicious

Threat:

Family.ASYNCRAT

Link:

https://tip.neiki.dev/file/39283c84beb4add2e762b1277d9d2095ca8added7aa5c10cccecbff92a0b9b91

Threat name:

Script-PowerShell.Trojan.Powdow

Status:

Malicious

First seen:

2025-08-08 08:51:09 UTC

File Type:

Text (PowerShell)

AV detection:

7 of 22 (31.82%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=heudzbf6wsw5fz3cwetx3hjasxfivxpnpks4cdgm5s77skqltoiq._file

Verdict:

malicious

Label(s):

resolverrat

asyncrat

anarchypanelrat

Similar samples:

7f21659ae9692d517b96389596eb7d11bb5ee7288968f8394085a53d27475bb8

812e83c65db512f4467b5959a1efa053c9beec05b6eef5b6b5b85904ed8e79ca

8c4e2908eebef7809f904d0e93851ab9397db0693c989dc9c83e840c927d3dc8

9f8de3fc9db08620ba81ba0aab78c304aa2df19942400503e74d2d9e7b2083aa

+ 393 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

10/10

Tags:

execution

Link:

https://tria.ge/reports/250808-mhzw5asvft/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Command and Scripting Interpreter: PowerShell

Malware Config

Dropper Extraction:

http://bknxmf.com/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/39283c84beb4add2e762b1277d9d2095ca8added7aa5c10cccecbff92a0b9b91

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample