MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a94694b8af1007df4ae8704991dc121bc58949e2ef04288db9137f72750439f8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AsyncRAT


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a94694b8af1007df4ae8704991dc121bc58949e2ef04288db9137f72750439f8
SHA3-384 hash: d9c1450a0d7b0a09c2a1ef43b764f639c87bfbc04b791a6d82e5164196e92478cf80c42a0588985a61c288f4f05bd801
SHA1 hash: 3f54ae4210a8831bdf2c39f6ee9fb34afed1c6ae
MD5 hash: f0d4959e7904560319798a82d238c19c
humanhash: one-three-oven-blossom
File name:xy.ps1
Download: download sample
Signature AsyncRAT
Create hunting rule
File size:12'582'912 bytes
First seen:2024-04-27 21:31:32 UTC
Last seen:Never
File type:PowerShell (PS) ps1
MIME type:text/plain
ssdeep 24576:rktiItcNIcBzNpTsPf7mxsOxd2MFYcNEeHktILchLvbXOCLC4iQnH/U0UiQ8CWVk:qCCioq3HlktJ6RM6uo7EzjQYdd
TLSH T17DC69E60BF945AF9EF8D1E3E905AAF1CC7F042172D32706BFA415F05A9DA146810B26F
Reporter pr0xylife
Tags:AsyncRAT ps1

Intelligence

File Origin
# of uploads :
1
# of downloads :
147
Origin country :
NL NL
Vendor Threat Intelligence
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/a94694b8af1007df4ae8704991dc121bc58949e2ef04288db9137f72750439f8
Result
Verdict:
MALICIOUS
Result
Threat name:
AsyncRAT, Metasploit
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1432679
Signature
C2 URLs / IPs found in malware configuration
Early bird code injection technique detected
Found malware configuration
Found suspicious powershell code related to unpacking or dynamic code loading
Hijacks the control flow in another process
Loading BitLocker PowerShell Module
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Queues an APC in another process (thread injection)
Sigma detected: Notepad Making Network Connection
Snort IDS alert for network traffic
System process connects to network (likely due to code injection or exploit)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses dynamic DNS services
Writes to foreign memory regions
Yara detected AsyncRAT
Yara detected Generic Downloader
Yara detected MetasploitPayload
Behaviour
Behavior Graph:
Download SVG
Score:
97%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/a94694b8af1007df4ae8704991dc121bc58949e2ef04288db9137f72750439f8
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a94694b8af1007df4ae8704991dc121bc58949e2ef04288db9137f72750439f8/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2024-04-26 18:30:31 UTC
File Type:
Binary
AV detection:
7 of 24 (29.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=vfdjjofpcad56sxiobezdxasdpcysspc54ccrdnzcn7xe5iehh4a._file
Verdict:
malicious
Result
Malware family:
asyncrat
Create hunting rule
Score:
  10/10
Tags:
family:asyncrat botnet:default rat
Link:
https://tria.ge/reports/240427-1dmb5ahc8v/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Async RAT payload
AsyncRat
Suspicious use of NtCreateUserProcessOtherParentProcess
Malware Config
C2 Extraction:
hjdsasync.duckdns.org:8797
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.65
Link:
https://yomi.yoroi.company/submissions/a94694b8af1007df4ae8704991dc121bc58949e2ef04288db9137f72750439f8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments