MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4d5bd2d8e6125cae5bf017a0bd0375291975ceb4c0d55e87994a27ed72eb62a1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AsyncRAT


Vendor detections: 7


Intelligence 7 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4d5bd2d8e6125cae5bf017a0bd0375291975ceb4c0d55e87994a27ed72eb62a1
SHA3-384 hash: afc4b01a66385925d6c9018af5568a3f251e5503c4486a03cdf6d74af7e47ef4c9fc2a7ebbf5bcffd0619903d19e35fe
SHA1 hash: bc73b5e5103f45e5adb8672064de71b921bdb258
MD5 hash: 00799ea198766197d5f645c90b368bb9
humanhash: bravo-zebra-ten-fifteen
File name:64thServices v24.zip
Download: download sample
Signature AsyncRAT
Create hunting rule
File size:1'128 bytes
First seen:2026-03-01 10:51:51 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24:9dToOr1ET8/5G3sWAS6qBF223hj3xLqIMRPKFP3zewng76GNSXKTYz:9aSPE3sWASV22xMhRPKF5ClNYp
TLSH T1F12186059CD402F3ECE13A35BF5A222AC8CF8F5536849E0E15CA055C2987C1C2C3BDAD
Magika zip
Reporter burger
Tags:AsyncRAT zip

Intelligence

File Origin
# of uploads :
1
# of downloads :
100
Origin country :
NL NL
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:64thServices v24.lnk
File size:1'660 bytes
SHA256 hash: aa4b643b0cf8f91532272dc7a1c2426f0da0aceeaa653831ad0daf55df2e6eef
MD5 hash: 556c49b40ec4764b781d6d6eb9f97edd
MIME type:application/octet-stream
Signature AsyncRAT
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/a2f7cb84-9f13-4e9f-80ca-8667fb755731/
Detection(s):
Sanesecurity.Foxhole.Lnk_Rar_1.UNOFFICIAL
Create hunting rule

Sanesecurity.Foxhole.Rar_fs852.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27118.LnkHeur.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.26477.PshHeur.UNOFFICIAL
Create hunting rule

Lnk.Downloader.HTAAgent-9989400-0
Create hunting rule

Verdict:
Clean
Score:
N/A%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69a41a0b8fffa866e3b3ae97
Tags:
n/a
Result
Verdict:
Malicious
File Type:
LNK File - Malicious
Link:
https://app.docguard.net/4d5bd2d8e6125cae5bf017a0bd0375291975ceb4c0d55e87994a27ed72eb62a1/results/dashboard
Payload URLs
URL
File name
https://wpgbf1zg-5500.euw.devtunnels.ms/64/loader.exe
LNK File
Behaviour
BlacklistAPI detected
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/4d5bd2d8e6125cae5bf017a0bd0375291975ceb4c0d55e87994a27ed72eb62a1
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/4d5bd2d8e6125cae5bf017a0bd0375291975ceb4c0d55e87994a27ed72eb62a1
Verdict:
Malicious
File Type:
zip
Link:
https://opentip.kaspersky.com/4d5bd2d8e6125cae5bf017a0bd0375291975ceb4c0d55e87994a27ed72eb62a1/results?tab=lookup
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4d5bd2d8e6125cae5bf017a0bd0375291975ceb4c0d55e87994a27ed72eb62a1/
Threat name:
Shortcut.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-03-01 10:52:16 UTC
File Type:
Binary (Archive)
Extracted files:
2
AV detection:
7 of 36 (19.44%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=jvn5fwhgcjok4w7qc6ql2a3vfemxltvuydkv5b4zjit624xlmkqq._file
Result
Malware family:
n/a
Score:
  9/10
Tags:
defense_evasion discovery execution
Link:
https://tria.ge/reports/260301-rtp9aadx6f/
Behaviour
Checks SCSI registry key(s)
Checks processor information in registry
Enumerates system info in registry
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Browser Information Discovery
Enumerates physical storage devices
System Time Discovery
Drops file in Program Files directory
Drops file in Windows directory
Drops file in System32 directory
Checks computer location settings
Executes dropped EXE
Command and Scripting Interpreter: PowerShell
Downloads MZ/PE file
Looks for VMWare Tools registry key
Looks for VMWare services registry key.
Enumerates VirtualBox registry keys
Looks for VirtualBox Guest Additions in registry
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Download_in_LNK
Create hunting rule
Author:@bartblaze
Description:Identifies download artefacts in shortcut (LNK) files.
Rule name:Execution_in_LNK
Create hunting rule
Author:@bartblaze
Description:Identifies execution artefacts in shortcut (LNK) files.
Rule name:LNK_sospechosos
Create hunting rule
Author:Germán Fernández
Description:Detecta archivos .lnk sospechosos
Rule name:SUSP_LNK_CMD
Create hunting rule
Author:SECUINFRA Falcon Team
Description:Detects the reference to cmd.exe inside an lnk file, which is suspicious

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

AsyncRAT

zip 4d5bd2d8e6125cae5bf017a0bd0375291975ceb4c0d55e87994a27ed72eb62a1

(this sample)

AsyncRAT

Executable exe e317bbfc8dd60ed01c0d2eb675d513b3ddde788c8a63a3e8444dd03b85eb31c6

AsyncRAT

Executable exe e291078023f902c380b0e6cef294dd05d36d21e00ecf4756f7a038500b9cb28a

AsyncRAT

Shortcut (lnk) lnk aa4b643b0cf8f91532272dc7a1c2426f0da0aceeaa653831ad0daf55df2e6eef

  
Dropping
SHA256 aa4b643b0cf8f91532272dc7a1c2426f0da0aceeaa653831ad0daf55df2e6eef
  
Dropping
MD5 556c49b40ec4764b781d6d6eb9f97edd
  
URLhaus
https://urlhaus.abuse.ch/url/3788055/
  
Delivery method
Distributed via web download

Comments