MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a0e963ac1cc0d8e2b7e00466a69523bff662a2dd26ff48e2879cd9f7eab520ab. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AsyncRAT


Vendor detections: 16


Intelligence 16 IOCs YARA 8 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a0e963ac1cc0d8e2b7e00466a69523bff662a2dd26ff48e2879cd9f7eab520ab
SHA3-384 hash: 117a14da3276d50a197e1bd49325d62bf7b40844e883a57771405e2955ddd3f6c12bfbbb1ece15305f4cc76f5a0d03b0
SHA1 hash: b9cf0ce664b35926ce30bc680f5366e70d66f7a1
MD5 hash: 7d7f1e37e579aa50bb3b43e66feb4af0
humanhash: hydrogen-nevada-neptune-triple
File name:SecuriteInfo.com.Win64.Malware-gen.63113175
Download: download sample
Signature AsyncRAT
Create hunting rule
File size:2'567'048 bytes
First seen:2025-10-24 09:30:33 UTC
Last seen:2025-10-24 10:18:26 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 74a352b7be38be736b4f1e0d51b66e8c (1 x AsyncRAT)
ssdeep 24576:iTVGtcA1xyC4Y3htmnQeB1vc4ZcVsof9gc0PAPtEGH5AQoV6kFb5EnEd/8:4ct4whtDevv7m9gc0YPbH5UFb50Y8
TLSH T178C5AE5393EC41E4F07B5674886A8716EEF27C160B3496DF0285F61E2F33AC25A76722
TrID 48.7% (.EXE) Win64 Executable (generic) (10522/11/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
Reporter SecuriteInfoCom
Tags:AsyncRAT exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
122
Origin country :
FR FR
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
a0e963ac1cc0d8e2b7e00466a69523bff662a2dd26ff48e2879cd9f7eab520ab.bin.exe
Verdict:
Suspicious activity
Analysis date:
2025-10-24 08:53:15 UTC
Tags:
auto-reg
Link:
https://app.any.run/tasks/c67f2db2-cc89-4fd2-9a04-74feea56c4a9

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/34022/
Verdict:
Malicious
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68fb47a86c859164aa63e16b
Tags:
dropper crysan agent virus
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the Program Files subdirectories
Launching a service
Launching a process
Creating a process with a hidden window
Сreating synchronization primitives
Connection attempt
Using the Windows Management Instrumentation requests
Sending a custom TCP request
Creating a file in the %temp% directory
Creating a process from a recently created file
Unauthorized injection to a recently created process
Enabling autorun by creating a file
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
adaptive-context anti-debug anti-vm crypto dllhost evasive expired-cert explorer fingerprint hacktool infdefaultinstall keylogger lolbin microsoft_visual_cc pcalua regedit rundll32 runonce scriptrunner smb
Link:
https://www.filescan.io/uploads/68fb47e23a79800405f4883a/reports/468d77fd-6708-4cc6-9781-040a31d4c664/overview
Verdict:
Malicious
Labled as:
Win64/GenKryptik_AGeneric.ACJ trojan
Link:
https://www.hybrid-analysis.com/sample/a0e963ac1cc0d8e2b7e00466a69523bff662a2dd26ff48e2879cd9f7eab520ab
Verdict:
Malicious
File Type:
exe x64
First seen:
2025-10-22T03:20:00Z UTC
Last seen:
2025-10-22T08:43:00Z UTC
Hits:
~10
Detections:
PDM:Trojan.Win32.Tasker.cust PDM:Trojan.Win32.Generic Backdoor.MSIL.Crysan.d Trojan.Win64.Zenpak.sb Backdoor.Win64.Crysan.ayn
Link:
https://opentip.kaspersky.com/a0e963ac1cc0d8e2b7e00466a69523bff662a2dd26ff48e2879cd9f7eab520ab/results?tab=lookup
Malware family:
Sysinternals
Create hunting rule
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/b99827ec-c659-47a7-8831-b869eeac8914
Score:
71%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/a0e963ac1cc0d8e2b7e00466a69523bff662a2dd26ff48e2879cd9f7eab520ab
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a0e963ac1cc0d8e2b7e00466a69523bff662a2dd26ff48e2879cd9f7eab520ab/
Verdict:
Malicious
Threat:
Family.ASYNCRAT
Link:
https://tip.neiki.dev/file/a0e963ac1cc0d8e2b7e00466a69523bff662a2dd26ff48e2879cd9f7eab520ab
Threat name:
Win64.Malware.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2025-10-23 21:24:51 UTC
File Type:
PE+ (Exe)
Extracted files:
244
AV detection:
16 of 38 (42.11%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=uduwhla4ydmofn7aartknfjdx73gfiw5e37uryuhttm7p2vvecvq._file
Result
Malware family:
xworm
Create hunting rule
Score:
  10/10
Tags:
family:asyncrat family:stormkitty family:xworm collection execution persistence rat spyware stealer trojan
Link:
https://tria.ge/reports/251024-lh97esylan/
Behaviour
Scheduled Task/Job: Scheduled Task
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
outlook_office_path
outlook_win_path
Enumerates physical storage devices
Drops file in Program Files directory
Accesses Microsoft Outlook profiles
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Async RAT payload
AsyncRat
Asyncrat family
Detect Xworm Payload
StormKitty
StormKitty payload
Stormkitty family
Xworm
Xworm family
Malware Config
C2 Extraction:
196.251.73.187:6000
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/d99c35ab-3abb-4db5-93d5-e627c6c50228
Unpacked files
SH256 hash:
a0e963ac1cc0d8e2b7e00466a69523bff662a2dd26ff48e2879cd9f7eab520ab
MD5 hash:
7d7f1e37e579aa50bb3b43e66feb4af0
SHA1 hash:
b9cf0ce664b35926ce30bc680f5366e70d66f7a1
Link:
https://www.unpac.me/results/9304c6ff-b009-48a2-94bf-dc5d24254be7/
SH256 hash:
f303637fc0bd2ba64373e9034b07185b66de90d0138e9c005d93fa74532a178d
MD5 hash:
19eb0d76a4dd9af1add9a140a300863c
SHA1 hash:
d9e51b1edab0af2a27f6bf28f6b4a0819bb1ad29
Link:
https://www.unpac.me/results/9304c6ff-b009-48a2-94bf-dc5d24254be7/
Malware family:
VenomRAT
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/a0e963ac1cc0/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a0e963ac1cc0d8e2b7e00466a69523bff662a2dd26ff48e2879cd9f7eab520ab

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DebuggerCheck__QueryInfo
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:Disable_Defender
Create hunting rule
Author:iam-py-test
Description:Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:Indicator_MiniDumpWriteDump
Create hunting rule
Author:Obscurity Labs LLC
Description:Detects PE files and PowerShell scripts that use MiniDumpWriteDump either through direct imports or string references
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:pe_detect_tls_callbacks
Create hunting rule
Rule name:virustotal
Create hunting rule
Author:Tracel

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

AsyncRAT

Executable exe a0e963ac1cc0d8e2b7e00466a69523bff662a2dd26ff48e2879cd9f7eab520ab

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3685331/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/34022/

Comments