MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8a63134b33062c4634272b96c12d130f3abe74270f958ac03049eaae8bb66de4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AsyncRAT

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	8a63134b33062c4634272b96c12d130f3abe74270f958ac03049eaae8bb66de4
SHA3-384 hash:	ee0b76fbec0b06e42650682673cc4c0b8f1d78ce4b7c69a43d3a36da8d6f8ca3fd6f2d2eedb63bd91d703a4a02450f04
SHA1 hash:	129f27dd4cef7bcdafb216c38cfc47e84d0b9d7d
MD5 hash:	d9e92e5e4edc19ed12cba365b232852f
humanhash:	video-hot-april-michigan
File name:	d9e92e5e4edc19ed12cba365b232852f.exe
Download:	download sample
Signature	AsyncRAT Create hunting rule
File size:	481'792 bytes
First seen:	2022-09-11 20:51:44 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
ssdeep	12288:APWuhmFBkuBWZzFl4l27jbFKg/CaFMR8NbvF/jYLGzTx6Z:APMFBLcol0bF7DMQbvNjYL6xY
Threatray	2'435 similar samples on MalwareBazaar
TLSH	T172A423208AF04322D96F03332A7B6781E7F16789BA710B4D709A9673475E7124E7B717
TrID	63.5% (.EXE) Win64 Executable (generic) (10523/12/4) 12.2% (.EXE) OS/2 Executable (generic) (2029/13) 12.0% (.EXE) Generic Win/DOS Executable (2002/3) 12.0% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):
dhash icon	262953e6a4b41156 (1 x AsyncRAT)
Reporter	abuse_ch
Tags:	AsyncRAT exe

Intelligence

File Origin

# of uploads :

# of downloads :

427

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

d9e92e5e4edc19ed12cba365b232852f.exe

Verdict:

No threats detected

Analysis date:

2022-09-11 20:53:37 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/e3ceb9fa-3c7c-4566-940b-1da5a9ac99f9

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/309362/

Detection(s):

SecuriteInfo.com.Trojan.PackedNET.1446.24041.11603.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Using the Windows Management Instrumentation requests

Sending a custom TCP request

Сreating synchronization primitives

DNS request

Creating a window

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

packed quasar

Link:

https://www.filescan.io/uploads/631e4b01e73fb79b7a0c0bb2/reports/32409340-b312-42d2-980a-e555330d2a52/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/a7fe5aa3-a636-4cc7-9cde-4cd420d1429b

Result

Threat name:

AsyncRAT

Detection:

malicious

Classification:

troj.evad

Score:

96 / 100

Link:

https://www.joesandbox.com/analysis/1068536

Signature

.NET source code contains potential unpacker

Antivirus / Scanner detection for submitted sample

Machine Learning detection for sample

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Uses dynamic DNS services

Yara detected AsyncRAT

Yara detected Costura Assembly Loader

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/8a63134b33062c4634272b96c12d130f3abe74270f958ac03049eaae8bb66de4/

Threat name:

ByteCode-MSIL.Trojan.Tiggre

Status:

Malicious

First seen:

2022-09-11 20:11:03 UTC

File Type:

PE+ (.Net Exe)

Extracted files:

AV detection:

22 of 26 (84.62%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=rjrrgsztaywemnbhfolmclitb45l45bhb6kyvqbqjhvk5c5wnxsa._file

Verdict:

malicious

AsyncRAT

0f9e71d60e3069524b211280f87d329ea279c0b59b08826a14eec3cf97f9c839

AsyncRAT

15e2f966937440c34a383f8a2df6fa8b380fbc858b7560e3129f563296e17fbb

AsyncRAT

1894ee1e31d02ce95f3fb5bfaaeade0718232866702e70bd19a70a0a15a3343c

AsyncRAT

3e85b31ff1780031f94570fc9801b6a886564a4caa2acc360d2c65f29b22dbb5

AsyncRAT

6887d3d4d5baa135418c2305915c56b448960d03c427f6c63c430465ddaa6547

AsyncRAT

8c88e83a7d8ecdc337997e822c9ed368d6fe3bff0ff4e3b4b1b55a0cabeb09f1

AsyncRAT

953eea5757d78536aa654da079a8f04e87874043d848b938cce9fc9aa85ee83d

AsyncRAT

c53364e68c93eac3f3135721a2e28441af61ca6499a1f3ca5cdd8dcff37e5108

AsyncRAT

c761bddf4919d6207339aaae1f71bf1dfb5a8a76c110dfd75d96c3b7ae3ae917

AsyncRAT

+ 2'425 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

6/10

Tags:

n/a

Link:

https://tria.ge/reports/220911-znp1bsfhdp/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Legitimate hosting services abused for malware hosting/C2

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/e261b8a4-9edb-4982-9154-a5347c07b858

Unpacked files

SH256 hash:

8a63134b33062c4634272b96c12d130f3abe74270f958ac03049eaae8bb66de4

MD5 hash:

d9e92e5e4edc19ed12cba365b232852f

SHA1 hash:

129f27dd4cef7bcdafb216c38cfc47e84d0b9d7d

Link:

https://www.unpac.me/results/96e6e0bd-b88c-43e5-ab55-db049447ef2d/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.35

Link:

https://yomi.yoroi.company/submissions/8a63134b33062c4634272b96c12d130f3abe74270f958ac03049eaae8bb66de4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/309362/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample