MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a6e752bb42b49e83d8a7a2edf68cfd5e605185b2508a3ff03eb13aff9130a74a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AsyncRAT

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	a6e752bb42b49e83d8a7a2edf68cfd5e605185b2508a3ff03eb13aff9130a74a
SHA3-384 hash:	cff601862641c319f1d6ace1ebabbbd9637fd3161657f3df3bf4e82f759f39467dbbd1ebfacabce00ff3af2956c7c8a5
SHA1 hash:	91b03942a2176a8d90c6a83641edc6b021c68183
MD5 hash:	7c1da46fd6add0fdcf359101f77f47e2
humanhash:	fifteen-utah-beer-apart
File name:	a6e752bb42b49e83d8a7a2edf68cfd5e605185b2508a3ff03eb13aff9130a74a.js
Download:	download sample
Signature	AsyncRAT Create hunting rule
File size:	6'099'699 bytes
First seen:	2026-02-10 09:00:25 UTC
Last seen:	Never
File type:	js
MIME type:	text/plain
ssdeep	768:1wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwo:dt6
TLSH	T1005612412E26988132E429772A3077810E1EA6EB23BFE719F947DEE9FF4784BC570154
Magika	javascript
Reporter	JAMESWT_WT
Tags:	AsyncRAT hostphpwindowsapps-ydns-eu js startmenuexperiencehost-ydns-eu

Intelligence

File Origin

# of uploads :

# of downloads :

129

Origin country :

Vendor Threat Intelligence

No detections

Detection(s):

SecuriteInfo.com.VBS.Obfus-152.UNOFFICIAL

Verdict:

Malicious

Score:

99.1%

Link:

https://cyber-fortress.com/docs/result/index.php?id=698af3ef4c8b031249cdf683

Tags:

obfuscate xtreme virus

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-vm base64 base64 fingerprint obfuscated obfuscated overlay powershell repaired

Link:

https://www.filescan.io/uploads/698af3acb6bd365f0a6ac41e/reports/6a1cb197-b850-4c5b-ab86-486b82daf70e/overview

Verdict:

Malicious

Labled as:

GT:JS.ObfPadding.1

Link:

https://www.hybrid-analysis.com/sample/a6e752bb42b49e83d8a7a2edf68cfd5e605185b2508a3ff03eb13aff9130a74a

Verdict:

Malicious

File Type:

First seen:

2026-02-10T06:14:00Z UTC

Last seen:

2026-02-10T06:46:00Z UTC

Hits:

~10

Detections:

Trojan.JS.SAgent.sb HEUR:Trojan.Script.Generic

Link:

https://opentip.kaspersky.com/a6e752bb42b49e83d8a7a2edf68cfd5e605185b2508a3ff03eb13aff9130a74a/results?tab=lookup

Score:

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/a6e752bb42b49e83d8a7a2edf68cfd5e605185b2508a3ff03eb13aff9130a74a

Verdict:

inconclusive

YARA:

1 match(es)

Link:

https://app.malva.re/file/7c1da46fd6add0fdcf359101f77f47e2

Detection:

dcrat

Link:

https://mwdb.cert.pl/sample/a6e752bb42b49e83d8a7a2edf68cfd5e605185b2508a3ff03eb13aff9130a74a/

Verdict:

Malicious

Threat:

Family.ASYNCRAT

Link:

https://tip.neiki.dev/file/a6e752bb42b49e83d8a7a2edf68cfd5e605185b2508a3ff03eb13aff9130a74a

Threat name:

Script-JS.Trojan.ObfPadding

Status:

Malicious

First seen:

2026-02-03 16:05:05 UTC

File Type:

Text (JavaScript)

AV detection:

6 of 24 (25.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=u3tvfo2cwspihwfhulw7ndh5lzqfdbnskcfd74b6we5p7ejqu5fa._file

Result

Malware family:

asyncrat

Score:

10/10

Tags:

family:asyncrat botnet:**** 28 **** discovery execution rat

Link:

https://tria.ge/reports/260210-ky2pjshw8f/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Command and Scripting Interpreter: JavaScript

System Location Discovery: System Language Discovery

Suspicious use of SetThreadContext

Badlisted process makes network request

Command and Scripting Interpreter: PowerShell

AsyncRat

Asyncrat family

Process spawned unexpected child process

Malware Config

C2 Extraction:

startmenuexperiencehost.ydns.eu:8849
startmenuexperiencehost.ydns.eu:8848

Dropper Extraction:

http://hostphpwindowsapps.ydns.eu:8011/data/optimized_MSI.png

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.55

Link:

https://yomi.yoroi.company/submissions/a6e752bb42b49e83d8a7a2edf68cfd5e605185b2508a3ff03eb13aff9130a74a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample