MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3c25e70be79c3f4728f257f560a9499f01a42f42d976da4f120f0eec0e9d1309. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AsyncRAT

Vendor detections: 14

Intelligence 14 IOCs YARA 1 File information Comments

SHA256 hash:	3c25e70be79c3f4728f257f560a9499f01a42f42d976da4f120f0eec0e9d1309
SHA3-384 hash:	4e708605e9444e9bc7958400bb3fcf50b3520477dcb269f2a1739234375524ac51c816427060f8750f84f0fe1e3a0594
SHA1 hash:	3d2c2d59d20aa97ecf17038200deaa14eba2d0b9
MD5 hash:	5781affc3e9f082793afb33130433042
humanhash:	winner-island-west-lamp
File name:	disqxgklpypl.bat
Download:	download sample
Signature	AsyncRAT Create hunting rule
File size:	47'954 bytes
First seen:	2026-03-31 15:02:35 UTC
Last seen:	Never
File type:	bat
MIME type:	text/x-msdos-batch
ssdeep	768:Mb3/4lrwxicMmcZyIa9lHVUuadeHVClAQun54bET7PBqGkYO8u6VMQddlLh23/oB:FlkL1cZyXuuas1MA3YEXkYVXLbEPiHxF
Threatray	1'684 similar samples on MalwareBazaar
TLSH	T10123D037F7C35200862F855BC460DE47378A8FE70B1D8AA9E27A55A3C496F85940CFE9
Magika	batch
Reporter	JAMESWT_WT
Tags:	AsyncRAT bat github-com--ashduasdoasdoasd

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Gathering data

Malware family:

asyncrat

ID:

File name:

disqxgklpypl.bat

Verdict:

Malicious activity

Analysis date:

2026-03-25 14:18:34 UTC

Tags:

asyncrat

Link:

https://app.any.run/tasks/697da3d9-35ed-4996-ab66-799dd8fbb72e

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Gathering data

Detection(s):

SecuriteInfo.com.Script.SNH-gen.84299378.UNOFFICIAL

Verdict:

Malicious

Score:

97.4%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69c3eeb8390b99647413a6f5

Tags:

asyncrat autorun

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a file in the %temp% directory

Launching a process

Creating a window

Creating a file

Sending a custom TCP request

Creating a process with a hidden window

Creating a process from a recently created file

Сreating synchronization primitives

Connection attempt

Unauthorized injection to a recently created process

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

aes base64 certutil crypto encrypted evasive lolbin obfuscated powershell

Link:

https://www.filescan.io/uploads/69cbe2312346b9da57b3b35a/reports/20e70015-1866-4e9a-a9cd-2434b7ab725f/overview

Verdict:

Malicious

Link:

https://www.hybrid-analysis.com/sample/3c25e70be79c3f4728f257f560a9499f01a42f42d976da4f120f0eec0e9d1309

Verdict:

Unknown

File Type:

text

Link:

https://opentip.kaspersky.com/3c25e70be79c3f4728f257f560a9499f01a42f42d976da4f120f0eec0e9d1309/results?tab=lookup

Score:

98%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/3c25e70be79c3f4728f257f560a9499f01a42f42d976da4f120f0eec0e9d1309

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/3c25e70be79c3f4728f257f560a9499f01a42f42d976da4f120f0eec0e9d1309/

Verdict:

Malicious

Threat:

Family.ASYNCRAT

Link:

https://tip.neiki.dev/file/3c25e70be79c3f4728f257f560a9499f01a42f42d976da4f120f0eec0e9d1309

Threat name:

Win32.Trojan.Generic

Status:

Suspicious

First seen:

2026-03-25 14:18:36 UTC

File Type:

Text (Batch)

AV detection:

3 of 24 (12.50%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=hqs6oc7htq7uokhsk72wbkkjt4a2il2c3f3nutysb4hoydu5cmeq._file

Verdict:

malicious

Label(s):

asyncrat

AsyncRAT

5e088f3ae8bf2631e5aaa8de2facd537a65ef5e269924213e14ee41d94b6a446

AsyncRAT

7c8c576731dd13174bd9289726bc59c98fa0db27515da65d5f3434c5c2921d02

AsyncRAT

7f14cf5740bb204942ae69690aea4bb17dea9bee17323311a6613c766a716b24

AsyncRAT

c5bfd0abb2e443daf2b319726ee97aadc657aacde9f466228efe908e2193e9b3

AsyncRAT

e5cc1cac795755ade9067768ac3a2d037ab18977e4223291d55e636663a3d282

AsyncRAT

error

AsyncRAT

+ 1'674 additional samples on MalwareBazaar

Result

Malware family:

asyncrat

Score:

10/10

Tags:

family:asyncrat botnet:default defense_evasion discovery execution rat

Link:

https://tria.ge/reports/260331-se4zkabv8r/

Behaviour

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

System Location Discovery: System Language Discovery

Deobfuscate/Decode Files or Information

Executes dropped EXE

Command and Scripting Interpreter: PowerShell

Async RAT payload

AsyncRat

Asyncrat family

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

iSpy Keylogger

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/3c25e70be79c3f4728f257f560a9499f01a42f42d976da4f120f0eec0e9d1309

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Sus_CMD_Powershell_Usage Create hunting rule
Author:	XiAnzheng
Description:	May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/59922/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample