MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8af9c9d76bece9923478be75bf384175dfb90cfd61594e2bed5c5a4b3fcc1ce2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AsyncRAT

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	8af9c9d76bece9923478be75bf384175dfb90cfd61594e2bed5c5a4b3fcc1ce2
SHA3-384 hash:	fb6776ab5de2b60312d82a20f05889b70be7420a184d50285b0b77b80081a39baf9648ed567904662ce54eb259a6fa92
SHA1 hash:	03681561ec7dac213ddd83cbea2c6adfb7835867
MD5 hash:	eabc01068b757619a20ba4d45d5f09dd
humanhash:	monkey-don-skylark-pasta
File name:	rgncszyk9i.ps1
Download:	download sample
Signature	AsyncRAT Create hunting rule
File size:	86'182 bytes
First seen:	2021-11-02 10:05:27 UTC
Last seen:	Never
File type:	ps1
MIME type:	text/plain
ssdeep	1536:TcSoPFh67RiCEnzo/rJV4Jx59PwpMvj7QInrLdJg9mRY1tW:knE9WJ1PRnrJJgUGW
Threatray	1'614 similar samples on MalwareBazaar
TLSH	T1AC833F858347936FA55F08AFEC47085A23F18D16AAF9418897F618EF2C7E98C94F054F
Reporter	proxylife
Tags:	AsyncRAT ps1

Intelligence

File Origin

# of uploads :

1

# of downloads :

233

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.PowerShell.Agent.bc.12368.3772.UNOFFICIAL

Verdict:

Suspicious

Threat level:

5/10

Confidence:

50%

Tags:

powershell

Link:

https://www.filescan.io/uploads/61810d8c1c62c356607ebbdd/reports/0a3cfa8c-b49d-4355-9eaa-23772ef8a33d/overview

Result

Verdict:

UNKNOWN

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/8af9c9d76bece9923478be75bf384175dfb90cfd61594e2bed5c5a4b3fcc1ce2/

Threat name:

Script-PowerShell.Dropper.Heuristic

Status:

Malicious

First seen:

2021-10-27 01:52:15 UTC

AV detection:

10 of 45 (22.22%)

Threat level:

2/5

Verdict:

malicious

Label(s):

asyncrat

Similar samples:

12f2e964639c39076f29196264c1dcbd3792eaaaa77aca14986a802a122b341b

3959233284f7f4a7bec2a314820e3b8e073591a31dfe8c43a03f7a24833b7fd3

3fc706ce01f2ff41e02943699351d1ad3c32160cbd0be0b8bb85f9472303d4c2

486b4fcc5a6e4f4e949aa11aa3f2e9d8d2075ac8445617af8c41ab214f6dbfa0

51e4dce11e58aa2be5d3c73056bf45652de5032dcb29636b28f2c1659df135db

7da096df4561ecc9169365841e2f024e40165377384e25e82922b2d1f16b8aa0

91d07db42921a9ffe88f14cc796ae63454267d252acd7a528b6a2e4ec327310d

a341b8f10a51457c11292173cfa48fe49256c9ccef8ec045753b49b2bfa935d6

ecfaef9e7fc7c83be8beedfcbef268c3d5a91a904ed211fa553c9e9b6aaa9c42

+ 1'604 additional samples on MalwareBazaar

Result

Malware family:

asyncrat

Score:

10/10

Tags:

family:asyncrat rat

Link:

https://tria.ge/reports/211102-l43z8scce9/

Behaviour

Delays execution with timeout.exe

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

Drops startup file

Async RAT payload

AsyncRat

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

iSpy Keylogger

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/8af9c9d76bece9923478be75bf384175dfb90cfd61594e2bed5c5a4b3fcc1ce2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample