MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6652d9db5c6151db0a59d048d1e0232c0218c62fcb403c23b94726cbd46b667a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AsyncRAT


Vendor detections: 6


Intelligence 6 IOCs YARA 2 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6652d9db5c6151db0a59d048d1e0232c0218c62fcb403c23b94726cbd46b667a
SHA3-384 hash: f8a469deaaea4ae59ea00bd2a0d434bba46e70ad00eedb1924a29fa9295010ee7aa0945483b4e1fb1aa9690680f74e88
SHA1 hash: 25e11a7984a8fa3b50f6d6a05e0d270d90dc9bfc
MD5 hash: 60801952075f6e5a6db71c6ed9a9c0a3
humanhash: maine-william-island-pizza
File name:60801952075f6e5a6db71c6ed9a9c0a3
Download: download sample
Signature AsyncRAT
Create hunting rule
File size:72'704 bytes
First seen:2021-11-15 10:36:08 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash dae02f32a21e03ce65412f6e56942daa (123 x YellowCockatoo, 60 x CobaltStrike, 44 x JanelaRAT)
ssdeep 1536:XTf/RW17/Vow1DlHTBvAJYmhP59tGt77SvIEGYRG:jHR49jQP5TGt77SRGT
Threatray 989 similar samples on MalwareBazaar
TLSH T18F63F61263878BB0E56C56B880E3052043F6D347B333DB6A3ED851D98F867D9AE95385
Reporter zbetcheckin
Tags:32 AsyncRAT dll exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/205886/
Detection(s):
SecuriteInfo.com.Trojan.Inject4.19606.9611.32310.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
obfuscated packed
Link:
https://www.filescan.io/uploads/6192384f3edf00a722d52a0c/reports/48c2abd3-782d-477c-ae4a-36270ef03a6f/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/a91d1cb0-de40-4154-805e-ef3184975122
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/889334
Signature
.NET source code contains method to dynamically call methods (often used by packers)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 521809 Sample: SS3c2Z75yA Startdate: 15/11/2021 Architecture: WINDOWS Score: 56 13 Multi AV Scanner detection for submitted file 2->13 15 .NET source code contains method to dynamically call methods (often used by packers) 2->15 17 Machine Learning detection for sample 2->17 7 loaddll32.exe 1 2->7         started        process3 process4 9 cmd.exe 1 7->9         started        process5 11 rundll32.exe 9->11         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6652d9db5c6151db0a59d048d1e0232c0218c62fcb403c23b94726cbd46b667a/
Threat name:
ByteCode-MSIL.Trojan.Heracles
Create hunting rule
Status:
Malicious
First seen:
2021-11-15 08:18:13 UTC
AV detection:
16 of 28 (57.14%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
asyncrat
Create hunting rule
Similar samples:
35badde7665455f011683d9d8ce515444f0f12839abbd7ed7abe1d9a0d2fabbc
AsyncRAT
9d951b99024a1e1fc4f11508fdbebe9ded208cebbd30affcc6914c315407c972
AsyncRAT
b9c0b6dd76212644b551d5b8ea745b3f14f6c92365e767836382a4c8ea54906b
AsyncRAT
c55d24211a98779c56a7c48b4594267c521a39bca772694c01c06fb90f05ad6c
AsyncRAT
cdf2ed21f6bda94bdebd880cb3e45005de2e714d8f1311f3d38684f103be2f00
AsyncRAT
f101ea42d63ecc3c5c56db1b6b69083489bd914ccefb493f3dc24407c31da860
AsyncRAT
ff5a9952f9262a760b7e87fa0b9e1d4880b8f7dbc348b4697c340be813882b16
AsyncRAT
+ 979 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/211115-mns1rshhe3/
Unpacked files
SH256 hash:
6652d9db5c6151db0a59d048d1e0232c0218c62fcb403c23b94726cbd46b667a
MD5 hash:
60801952075f6e5a6db71c6ed9a9c0a3
SHA1 hash:
25e11a7984a8fa3b50f6d6a05e0d270d90dc9bfc
Link:
https://www.unpac.me/results/6fa0dbe3-5bf0-45e6-9a91-8f8618d8ea02/
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:extracted_at_0x44b
Create hunting rule
Author:cb
Description:sample - file extracted_at_0x44b.exe
Reference:Internal Research
Rule name:INDICATOR_SUSPICIOUS_Stomped_PECompilation_Timestamp_InTheFuture
Create hunting rule
Author:ditekSHen
Description:Detect executables with stomped PE compilation timestamp that is greater than local current time

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

AsyncRAT

DLL dll 6652d9db5c6151db0a59d048d1e0232c0218c62fcb403c23b94726cbd46b667a

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1788281/
Cape
Cape
https://www.capesandbox.com/analysis/205886/

Comments


Avatar
zbet commented on 2021-11-15 10:36:09 UTC

url : hxxp://179.43.187.131/ueyt/VVYUYDUYFUFHHJFJ.dll