MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 af1de5075995378f6bd804aa5871458afe48ac1aef0a66c55bc5b7764e2b2443. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AsyncRAT


Vendor detections: 12


Intelligence 12 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: af1de5075995378f6bd804aa5871458afe48ac1aef0a66c55bc5b7764e2b2443
SHA3-384 hash: a1661f93e09fb9bea61158b392f0d95a9a70585f769bd8bd9f615e0d6657536059a41d1ccc0a577796e04a4fffe11cda
SHA1 hash: fba2d4ee3acffbe196999f6e5574fe7bef11855e
MD5 hash: ec8fe3296c03adc44ac1723849b70317
humanhash: ceiling-xray-fish-high
File name:ec8fe3296c03adc44ac1723849b70317.exe
Download: download sample
Signature AsyncRAT
Create hunting rule
File size:3'061'248 bytes
First seen:2023-07-07 15:13:04 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 1084391232f946da687fb47f5ca4c63a (1 x AsyncRAT)
ssdeep 49152:6kcCYoV2sFBZaWq1hLHgQwNgNxnIMhLO4:Q
Threatray 875 similar samples on MalwareBazaar
TLSH T14AE5962FF167629AEC7DC475D821A1B9B82970911F2976C3B94A061DCE30ED84CBDBD0
TrID 48.7% (.EXE) Win64 Executable (generic) (10523/12/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
Reporter obfusor
Tags:AsyncRAT exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
302
Origin country :
HK HK
Vendor Threat Intelligence
Malware family:
asyncrat
Create hunting rule
ID:
1
File name:
ec8fe3296c03adc44ac1723849b70317.exe
Verdict:
Malicious activity
Analysis date:
2023-07-07 15:14:24 UTC
Tags:
asyncrat
Link:
https://app.any.run/tasks/0f51d3bb-b668-4170-8c62-f1eb5261dc0f

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/410894/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
DNS request
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/96337/overview
Behaviour
MalwareBazaar
MeasuringTime
CheckCmdLine
EvasionQueryPerformanceCounter
Verdict:
No Threat
Threat level:
  10/10
Confidence:
100%
Tags:
greyware
Link:
https://www.filescan.io/uploads/64a82bbb2333b198b2391efb/reports/855be83c-f867-4401-b9ee-f503dfe4a9e7/overview
Verdict:
Suspicious
Labled as:
Malware
Link:
https://www.hybrid-analysis.com/sample/af1de5075995378f6bd804aa5871458afe48ac1aef0a66c55bc5b7764e2b2443
Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/61d8a25c-77e6-4a64-8506-61c782c478dc
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/af1de5075995378f6bd804aa5871458afe48ac1aef0a66c55bc5b7764e2b2443/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=v4o6kb2zsu3y626yasvfq4kfrl7erla254fgnrk3yw3xmtrlerbq._file
Verdict:
malicious
Similar samples:
1de780af93c98d924e67471d29b62e6f8f16eb641636a3f0e4fc7a6199b95b61
AsyncRAT
232b6e5b0e7e6b062b9da1d871430a2ae3fee34590fa05c6fa608b8291eff1a7
AsyncRAT
3436e23e0db4fdd4f4e6337781fc283c94d87665819970477332564538210826
AsyncRAT
4fd20682fbc3324675f319d9c2961d002ff409c3bbd4afc6e19dd7e8f2135ac9
AsyncRAT
5af7cfae0ad82f0e1d210bacf1fb6bbc9a15f0b62f88af71dbf9abf3a436ddd8
AsyncRAT
6cf0ea817a842b6b6149d1c613cf22a1dfbb729c3b8ab2f1a34e372ab66f5c65
AsyncRAT
a2429a2781600f34cc23b3dacba4ce58fbbadc90dac50ab80043601293534b95
AsyncRAT
abf4d22525f5eda1938e398e4fd1c266a350d8d5b7c19f9a72e2291b1966d946
AsyncRAT
+ 865 additional samples on MalwareBazaar
Result
Malware family:
asyncrat
Create hunting rule
Score:
  10/10
Tags:
family:asyncrat botnet:default rat
Link:
https://tria.ge/reports/230707-sma2fshh77/
Behaviour
Suspicious use of AdjustPrivilegeToken
Program crash
AsyncRat
Malware Config
C2 Extraction:
7593352b2g.imdo.co:28870
Unpacked files
SH256 hash:
af1de5075995378f6bd804aa5871458afe48ac1aef0a66c55bc5b7764e2b2443
MD5 hash:
ec8fe3296c03adc44ac1723849b70317
SHA1 hash:
fba2d4ee3acffbe196999f6e5574fe7bef11855e
Detections:
win_hookinjex_auto
Create hunting rule
Link:
https://www.unpac.me/results/f961b80e-193a-429a-9681-7e037c9bce09/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
iSpy Keylogger
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/af1de5075995378f6bd804aa5871458afe48ac1aef0a66c55bc5b7764e2b2443

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:win_hookinjex_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:Detects win.hookinjex.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/410894/

Comments