MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 45acea3b55de4edaa754de806e31f781788f096dcedca2bb673f214caff516a8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AsyncRAT

Vendor detections: 12

Intelligence 12 IOCs YARA 5 File information Comments

SHA256 hash:	45acea3b55de4edaa754de806e31f781788f096dcedca2bb673f214caff516a8
SHA3-384 hash:	e8053b410bf92cab0f504e2f8119311f9be797ca3ff4894158da34640c68bff9f2cb0753170d64ac7605f43afa90705f
SHA1 hash:	45709cb731d27c45c606c2e4e79ccd092dcd3131
MD5 hash:	03a8376fbd5bd5357b4d8fac0c84503c
humanhash:	coffee-mars-neptune-speaker
File name:	MicrosoftUpdate18-06-2025.vbs
Download:	download sample
Signature	AsyncRAT Create hunting rule
File size:	1'135 bytes
First seen:	2025-09-11 12:34:16 UTC
Last seen:	Never
File type:	vbs
MIME type:	text/plain
ssdeep	24:+RyGb3ZtO915X1Qdw9tB6C2xqXwGm2Q1kf7L0R/1ZqjFZqVnTV+m6f7L0RAV:u7bnm15X1QyQ7Gm2QmffWA+J6ffvV
Threatray	450 similar samples on MalwareBazaar
TLSH	T1F82100157948A3222A62B6BB5C33FC4C5483145CB058B948B08ACEBA01D436CC7FA8FB
Magika	powershell
Reporter	JAMESWT_WT
Tags:	AsyncRAT ConnectWise-Rat namhamzagood-com vbs

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/26888/

Detection(s):

SecuriteInfo.com.VBS.Starter-2.UNOFFICIAL

Verdict:

Malicious

Score:

92.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=68c2c1df6e66ba602d7a6542

Tags:

asyncrat shell sage blic

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

evasive opendir opendir powershell

Link:

https://www.filescan.io/uploads/68c2c1f1732879482926bb8b/reports/131478c3-c30c-4069-a60c-00a4619b9572/overview

Verdict:

Suspicious

Labled as:

Trojan.Generic

Link:

https://www.hybrid-analysis.com/sample/45acea3b55de4edaa754de806e31f781788f096dcedca2bb673f214caff516a8

Verdict:

Malicious

File Type:

vbs

First seen:

2025-09-08T10:18:00Z UTC

Last seen:

2025-09-08T10:18:00Z UTC

Hits:

~10

Detections:

HEUR:Trojan.Script.Generic PDM:Trojan.Win32.Generic Trojan-Downloader.JS.SLoad.sb Trojan.Win32.Agent.sb Trojan.VBS.SAgent.sb Trojan.JS.SAgent.sb HEUR:Trojan-Downloader.Script.Generic

Link:

https://opentip.kaspersky.com/45acea3b55de4edaa754de806e31f781788f096dcedca2bb673f214caff516a8/results?tab=lookup

Score:

71%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/45acea3b55de4edaa754de806e31f781788f096dcedca2bb673f214caff516a8

Verdict:

Malware

YARA:

3 match(es)

Tags:

Batch Command PowerShell PowerShell Call VBScript Wscript.Shell

Link:

https://app.malva.re/file/03a8376fbd5bd5357b4d8fac0c84503c

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/45acea3b55de4edaa754de806e31f781788f096dcedca2bb673f214caff516a8/

Verdict:

Malicious

Threat:

Family.ASYNCRAT

Link:

https://tip.neiki.dev/file/45acea3b55de4edaa754de806e31f781788f096dcedca2bb673f214caff516a8

Threat name:

Script-WScript.Backdoor.AsyncRat

Status:

Malicious

First seen:

2025-07-21 21:10:54 UTC

File Type:

Text (PowerShell)

AV detection:

9 of 38 (23.68%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=iwwouo2v3zhnvj2u32ag4mpxqf4i6clnz3okfo3hh4quzl7vc2ua._file

Verdict:

malicious

Label(s):

asyncrat

AsyncRAT

51042b77cd0432083c33d32d17332f8bb196c48e8f1d075174e3ab7a8fbf9c7d

AsyncRAT

7a77290685b008f799f7d0959f37edb7ad2a9fb3df1bd05cef5e6c792928e66a

AsyncRAT

9de2d029ed9820365edfee67a095513aef305825f665e0acc0dbc56081252c9c

AsyncRAT

a487fb9ac0c380326884e378ec27d11786bc7146f66539df83b05b747037c528

AsyncRAT

c6e92bc1395d1865f41e0d10256f7de0fd6913a07c414b2489a191227b3730f6

AsyncRAT

error

AsyncRAT

ff6ee4d16712bd542ca2860a4bfe3b9ca7dd88f70d54215e069ffc3ec2cb7ea6

AsyncRAT

+ 440 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

execution

Link:

https://tria.ge/reports/250911-pr2s7aszaz/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Checks computer location settings

Badlisted process makes network request

Command and Scripting Interpreter: PowerShell

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/45acea3b55de4edaa754de806e31f781788f096dcedca2bb673f214caff516a8

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	CP_AllMal_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication

Rule name:	detect_powershell Create hunting rule
Author:	daniyyell
Description:	Detects suspicious PowerShell activity related to malware execution

Rule name:	Sus_CMD_Powershell_Usage Create hunting rule
Author:	XiAnzheng
Description:	May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)

Rule name:	WIN_ClickFix_Detection Create hunting rule
Author:	dogsafetyforeverone
Description:	Detects ClickFix social engineering technique using 'Verify you are human' messages and malicious PowerShell commands
Reference:	ClickFix social engineering and malicious PowerShell commands

Rule name:	WIN_FileFix_Detection Create hunting rule
Author:	dogsafetyforeverone
Description:	Detects FileFix social engineering technique that launches chained PowerShell and PHP commands from file explorer typed paths
Reference:	FileFix social engineering with PowerShell and PHP commands

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/26888/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample