MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4a9683f3b6658f4895cd3d44c4920d77db5dfd410cf0dc188e4f4d2740c24539. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AsyncRAT


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4a9683f3b6658f4895cd3d44c4920d77db5dfd410cf0dc188e4f4d2740c24539
SHA3-384 hash: d6a1e7083da7148b7d0318cb0e34442e9d898b828dfb3cc1aab09693360fea8b41bffcd59b6f5628fb6a7c1db2d055f4
SHA1 hash: 2f924ea70a3a8c7b3c5808af437cb895f90f588a
MD5 hash: a673f1b64b97384cdb86e148a94188e8
humanhash: red-august-alanine-golf
File name:Factura 0000000065.xll
Download: download sample
Signature AsyncRAT
Create hunting rule
File size:653'824 bytes
First seen:2022-02-22 08:07:45 UTC
Last seen:Never
File type:Excel file xll
MIME type:application/x-dosexec
imphash be710ba34b048ab0098050ccf62e369c (18 x Formbook, 14 x Dridex, 9 x AgentTesla)
ssdeep 12288:O0Ws7IMsR4yVld8bzbBSreOBY4ZyrE7K3yl8PeVooA/AB2LEJZsAQPUqjj:O0bskX1eBY4ZyrE7K3yl8PeVooA/AB2f
Threatray 40 similar samples on MalwareBazaar
TLSH T1E7D46D55BECA6EA1EFBF47B78361D62D0126736E03A0A6CF6643019D3951FC2453EA03
Reporter abuse_ch
Tags:AsyncRAT xll

Intelligence

File Origin
# of uploads :
1
# of downloads :
135
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.DownloaderNET.312.27193.19952.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malicious
File Type:
Office Add-Ins - Suspicious
Link:
https://app.docguard.net/4a9683f3b6658f4895cd3d44c4920d77db5dfd410cf0dc188e4f4d2740c24539/results/dashboard
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-vm greyware packed
Link:
https://www.filescan.io/uploads/621499eca2660f3bb9233d3b/reports/5bb6def0-008c-4575-9ca9-b261c8a1bb4c/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4a9683f3b6658f4895cd3d44c4920d77db5dfd410cf0dc188e4f4d2740c24539/
Threat name:
ByteCode-MSIL.Trojan.AsyncRAT
Create hunting rule
Status:
Malicious
First seen:
2022-02-19 17:54:22 UTC
File Type:
PE (Dll)
Extracted files:
2
AV detection:
23 of 42 (54.76%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=jklih45wmwhurfonhvcmjeqno7nv37kbbtynygeoj5gsoqgciu4q._file
Verdict:
malicious
Similar samples:
0c2a4483319382571e9b470d292d0b4bdd4e7e700ff5722a979e4498c147693f
AsyncRAT
12b746c0b5556ef44be803c0ebb7dbfccbacd3a4f8df1b783d4730a311209cdd
AsyncRAT
727f124333294aaba156840955cbfc6ac7470768c65c1582c5e0dbfcb6f8722f
AsyncRAT
864b3cc362f84975007a63ae6f7fa6b4bdcc06f4459195896ebee385443ed44a
AsyncRAT
983ffa1a7513ab6d015e1c4785bda2a2f20a47bf6091773db9341ebcdaf84e93
AsyncRAT
9b682330445e8eb6445cc43968e21ae3ffe1b9d8c3ae5210c9a8d12416315d5d
AsyncRAT
b434e54b1f162ec9a1f9e943e8829069c8e91ff4998acdb6f0e5aa34ceee1cc4
AsyncRAT
bf3529c3d7d27a23db406da1cae1ab04e4b0c5b14de4aa69d5bb11166e1e5c1f
AsyncRAT
c61b6512d455398c2ff7fa4450c488e7eaeb8aacc01f732d8204ae302e2cc868
AsyncRAT
dcb880afbaa7e57f574b4e08595ef2c1ac7100a695359c1edc9af535d7f9e64f
AsyncRAT
+ 30 additional samples on MalwareBazaar
Result
Malware family:
asyncrat
Create hunting rule
Score:
  10/10
Tags:
family:asyncrat botnet:1 persistence rat spyware stealer
Link:
https://tria.ge/reports/220222-j1kndaedf6/
Behaviour
Checks processor information in registry
Enumerates system info in registry
Modifies Internet Explorer settings
Modifies data under HKEY_USERS
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Drops file in Windows directory
Suspicious use of SetThreadContext
Adds Run key to start application
Loads dropped DLL
Reads user/profile data of web browsers
Downloads MZ/PE file
Executes dropped EXE
Async RAT payload
AsyncRat
Malware Config
C2 Extraction:
212.193.30.54:8755
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/4a9683f3b6658f4895cd3d44c4920d77db5dfd410cf0dc188e4f4d2740c24539

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AsyncRAT

Excel file xll 4a9683f3b6658f4895cd3d44c4920d77db5dfd410cf0dc188e4f4d2740c24539

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments