MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7f21659ae9692d517b96389596eb7d11bb5ee7288968f8394085a53d27475bb8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AsyncRAT

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	7f21659ae9692d517b96389596eb7d11bb5ee7288968f8394085a53d27475bb8
SHA3-384 hash:	e8d359174f423fd5ed2acac203fb2214ef07a4b31ad6688d4daef636169c68a0c4d92ff9f6cebe93973d2920e0fadd4c
SHA1 hash:	461b06d8e6f2cace8ab6a0853f0b82cd81ce190a
MD5 hash:	62b6448d01bcdfb514a29a1d59b10bad
humanhash:	high-fruit-artist-thirteen
File name:	payload.bat
Download:	download sample
Signature	AsyncRAT Create hunting rule
File size:	143 bytes
First seen:	2025-08-08 09:44:08 UTC
Last seen:	Never
File type:	bat
MIME type:	text/plain
ssdeep	3:VSJJFI9IrFh1RscfxHBAREC/EYtXiW8+zicU0dWIpTYfSNMFIKg4YH:s8qX5FORECMYtSomcU0MIpTlMFIzv
Threatray	343 similar samples on MalwareBazaar
TLSH	T11CC08CE002A400AA095CC09F23BE0A432060F04891D9A25930B4C81251602BAB38A42C
Magika	powershell
Reporter	Neiki
Tags:	AsyncRAT bat bknxmf-com ClickFix

Intelligence

File Origin

# of uploads :

1

# of downloads :

154

Origin country :

DE

Vendor Threat Intelligence

Malware family:

asyncrat

ID:

1

File name:

payload.bat

Verdict:

Malicious activity

Analysis date:

2025-08-08 09:37:24 UTC

Tags:

loader rat asyncrat remote auto-startup emmenhtal

Link:

https://app.any.run/tasks/e6e88f60-b0bd-43be-9f0f-52c0b7c3c570

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/19633/

Verdict:

Malicious

Score:

94.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6895c55311d7f9b979e681c9

Tags:

autorun emotet

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

lolbin mshta powershell

Link:

https://www.filescan.io/uploads/6895c7079ef4d2ff7cf24ccb/reports/9401b7ab-5037-4a16-8565-a0bdd08f5171/overview

Verdict:

Malicious

Labled as:

BZC.PZQ.Nioc.14

Link:

https://www.hybrid-analysis.com/sample/7f21659ae9692d517b96389596eb7d11bb5ee7288968f8394085a53d27475bb8

Score:

7%

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/7f21659ae9692d517b96389596eb7d11bb5ee7288968f8394085a53d27475bb8

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/7f21659ae9692d517b96389596eb7d11bb5ee7288968f8394085a53d27475bb8/

Verdict:

Malicious

Threat:

Family.ASYNCRAT

Link:

https://tip.neiki.dev/file/7f21659ae9692d517b96389596eb7d11bb5ee7288968f8394085a53d27475bb8

Threat name:

Script-PowerShell.Trojan.Powdow

Status:

Malicious

First seen:

2025-08-08 09:37:24 UTC

File Type:

Text (PowerShell)

AV detection:

7 of 22 (31.82%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=p4qwlgxjnewvc64whckzn235cg5v5zzirfupqokaqwst2j2hlo4a._file

Verdict:

malicious

Label(s):

resolverrat

asyncrat

anarchypanelrat

Similar samples:

1ca06fdcde3535302c06a3e448ae72c15006f0653e4775693988510d2a56f91f

3649e0a708a65c8179a1e04cb6d1b176a56fea07e40f1f804023a79f8b3a1743

457c8b3a3be87e9f6268be29ee37e5f5fbc6a6848094416ba1f4c8797c4d7380

578534916db444eb7ae9db0d7c15cb3fe33fec897d38e17112648e0f435a7953

88067e120c8b5186776b1acad8a57c310568693cf0c109b5d5cca5667b5767ef

8c4e2908eebef7809f904d0e93851ab9397db0693c989dc9c83e840c927d3dc8

e449d76fcfc64dd20fdd07fb1ffc75a0a8fd27c878a6d265192e64b33b6d0b48

+ 333 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

10/10

Tags:

execution

Link:

https://tria.ge/reports/250808-lqq4hswps6/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Command and Scripting Interpreter: PowerShell

Malware Config

Dropper Extraction:

http://bknxmf.com/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/7f21659ae9692d517b96389596eb7d11bb5ee7288968f8394085a53d27475bb8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/19633/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample