MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 442cb71924eb54f1cc1614907fb64ee3cc88c51a3e694d5991ba3d5ca795ecec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AsyncRAT


Vendor detections: 8


Intelligence 8 IOCs YARA 5 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 442cb71924eb54f1cc1614907fb64ee3cc88c51a3e694d5991ba3d5ca795ecec
SHA3-384 hash: 1f04c568828427e6a24d60e2a5f6649c2ab788d34ae9438ede9b2ea055002b6e2262337f48873470c08463c381a9d1ba
SHA1 hash: 01123d7c70b1d9632a7548b359cf960172c6e817
MD5 hash: baf0eaa1dd9b860809597175d727f9de
humanhash: paris-edward-table-leopard
File name:442cb71924eb54f1cc1614907fb64ee3cc88c51a3e694d5991ba3d5ca795ecec
Download: download sample
Signature AsyncRAT
Create hunting rule
File size:268'288 bytes
First seen:2020-11-11 11:34:38 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 5b6fd9945877b7e9d67b9e475c6d6ddf (16 x AgentTesla, 15 x AsyncRAT, 10 x Formbook)
ssdeep 6144:edpwkvIniyELLGToTTIBWaVAOm/re0mUxtp2Is3R:edpwkwncLzRswrIh
Threatray 435 similar samples on MalwareBazaar
TLSH A944CF14B0D2C833E0F611385AD49737887578321BA5A4FFF7944B2E5E386D29672B2B
Reporter seifreed
Tags:AsyncRAT

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching a process
DNS request
Connection attempt to an infection source
Unauthorized injection to a system process
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
AsyncRAT
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/532174
Signature
Machine Learning detection for sample
Maps a DLL or memory area into another process
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses dynamic DNS services
Writes to foreign memory regions
Yara detected AntiVM_3
Yara detected AsyncRAT
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/442cb71924eb54f1cc1614907fb64ee3cc88c51a3e694d5991ba3d5ca795ecec/
Threat name:
Win32.Trojan.Ymacco
Create hunting rule
Status:
Malicious
First seen:
2020-11-11 11:38:12 UTC
AV detection:
26 of 29 (89.66%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=iqwlogje5nkpdtawcsih7nso4pgirri2hzuu2wmrxi6vzj4v5twa._file
Verdict:
malicious
Label(s):
asyncrat
Create hunting rule
Similar samples:
02dd12ec33f4f1d1bbf4f3479ad5bc88be2a1c92f19461e6f25a754e213abc42
AsyncRAT
1c3d30d7637b1a6fb648b1cf1de6c7a8375337327cd243f87d525c109554db7d
AsyncRAT
341c2ff06edc558131f9517ebabf0ce7676457cc1d33c5ab7189961d0b28b0b8
AsyncRAT
4124fa166c07644eb29d7b813889a90795f9f1448f7cae2040a1375006748617
AsyncRAT
46bf7a6257a12bb2e56d9770eebc93606d9cf3f1f3af49ba987ebfef0ddb6216
AsyncRAT
80a5d1d28c2b1a5815bdd6f0f53ecccdd271b2178410fad263ff66132011cbee
AsyncRAT
a16602864c33b68b083a8a404c6500b44bf3247c474071cb7dd4216a39e5347e
AsyncRAT
de414479c5733e9e4ef7d9876b54037f05fb659837ae4efd62791013c75f2b78
AsyncRAT
e45c663a64882bcbb2314a2cf6bd2da6db9b1697df4a9c96c24f4dd834e7b662
AsyncRAT
ebb67fcc05af7a919e225a7a1f8c5bfbd65b28c22f4659527b0afb4f968ccd49
AsyncRAT
+ 425 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201111-4qcj61atzx/
Unpacked files
SH256 hash:
442cb71924eb54f1cc1614907fb64ee3cc88c51a3e694d5991ba3d5ca795ecec
MD5 hash:
baf0eaa1dd9b860809597175d727f9de
SHA1 hash:
01123d7c70b1d9632a7548b359cf960172c6e817
Link:
https://www.unpac.me/results/3a2f954c-e6b6-40ba-8cc6-a86aa9b3d144/
SH256 hash:
c6d69e1170c1ab4390b100e0a695b8d5caddd742a04f797e0341c4a0a947dfb9
MD5 hash:
e8850169f609ab30b48d63f1986c4208
SHA1 hash:
a0f190a4bd23d919c071cb905015e93443e55638
Detections:
win_asyncrat_w0
Create hunting rule
Link:
https://www.unpac.me/results/3a2f954c-e6b6-40ba-8cc6-a86aa9b3d144/
Parent samples :
80a5d1d28c2b1a5815bdd6f0f53ecccdd271b2178410fad263ff66132011cbee
442cb71924eb54f1cc1614907fb64ee3cc88c51a3e694d5991ba3d5ca795ecec
fdffdb9d123650db520c7da7ab503cebe8201d6ba3e0f4e908c9f8a25c52db8d
d98579feb7532a6355ec82cb8f5148c799a11805d53f34fbf00d6329f9055095
7e54242b6edd5cd9e74713ce3f286b45493ca934575392ba11bb23f845023b6a
bd863689df63af53f10a468821d3e5e096dd2c1b370b971e7c9e39b5f7313893
527be16584b4e94836d245c252561c466246e29c0aa029ce0bd79bcd24164fe6
a79d1e5067fa18e12d243a85a54127e5da42319ed13cd54090d006f9bb3266cc
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:asyncrat
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect AsyncRat in memory
Reference:internal research
Rule name:INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse
Create hunting rule
Author:ditekSHen
Description:Detects file containing reversed ASEP Autorun registry keys
Rule name:Reverse_text_bin_mem
Create hunting rule
Author:James_inthe_box
Description:Reverse text detected
Rule name:win_asyncrat_j1
Create hunting rule
Author:Johannes Bader @viql
Description:detects AsyncRAT
Rule name:win_asyncrat_w0
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect AsyncRat in memory
Reference:internal research

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments