MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 990e7934749f9549244866e11d35990aa0b2002aeb95e1339b0a10c610d404c2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AsyncRAT


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 990e7934749f9549244866e11d35990aa0b2002aeb95e1339b0a10c610d404c2
SHA3-384 hash: c8bc7b4649fac7a4d92ed5c2fd86cf549981c884ad7b80282a27d9322e04f510924b296d7fc5c1006688619af7ab51d6
SHA1 hash: f7c90f11b76ecfc8e3e69d9cf33193f1b34aa63f
MD5 hash: 59521983ae8d1cbc47cbf3aa6125314a
humanhash: victor-friend-mountain-finch
File name:RADICADO PAGO AGOSTO .pdf.js
Download: download sample
Signature AsyncRAT
Create hunting rule
File size:231'096 bytes
First seen:2025-08-12 18:01:35 UTC
Last seen:Never
File type:Java Script (JS) js
MIME type:text/plain
ssdeep 1536:J8tDn3Fd70kY+T1exWEdSBs4n2R+WZQSIF:qRFK/+T1exXk
TLSH T16134BA045F28304A55FA66DE5F194D08E89C9347135042273AFFC524AFF2F64FEA6EA8
Magika javascript
Reporter Anonymous
Tags:AsyncRAT js

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
US US
Vendor Threat Intelligence
Verdict:
Malicious
Score:
94.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=689b81c7642b4839d1b5a87d
Tags:
obfuscate xtreme shell
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-vm lolbin obfuscated wscript
Link:
https://www.filescan.io/uploads/689b82d9397fd3ce6fa67def/reports/57270ad5-0e8d-4364-bb9f-825f3fb7ad23/overview
Verdict:
Suspicious
Labled as:
JS/Agent.TBI trojan
Link:
https://www.hybrid-analysis.com/sample/990e7934749f9549244866e11d35990aa0b2002aeb95e1339b0a10c610d404c2
Score:
35%
Verdict:
Susipicious
File Type:
SCRIPT
Link:
https://malprob.io/report/990e7934749f9549244866e11d35990aa0b2002aeb95e1339b0a10c610d404c2
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/990e7934749f9549244866e11d35990aa0b2002aeb95e1339b0a10c610d404c2/
Verdict:
Malicious
Threat:
Family.ASYNCRAT
Link:
https://tip.neiki.dev/file/990e7934749f9549244866e11d35990aa0b2002aeb95e1339b0a10c610d404c2
Threat name:
Win32.Dropper.Generic
Create hunting rule
Status:
Suspicious
First seen:
2025-08-12 17:42:54 UTC
File Type:
Text (JavaScript)
AV detection:
1 of 36 (2.78%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=tehhsndut6kusjcim3qr2nmzbkqleabk5ok6cm43biimmeguatba._file
Result
Malware family:
n/a
Score:
  10/10
Tags:
discovery execution persistence
Link:
https://tria.ge/reports/250812-wpxvsatqw9/
Behaviour
Script User-Agent
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Command and Scripting Interpreter: JavaScript
System Location Discovery: System Language Discovery
SmartAssembly .NET packer
Suspicious use of SetThreadContext
Adds Run key to start application
Blocklisted process makes network request
Command and Scripting Interpreter: PowerShell
Process spawned unexpected child process
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/990e7934749f9549244866e11d35990aa0b2002aeb95e1339b0a10c610d404c2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Distributed via e-mail link

Comments