MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b2a4aca9ebb9d8032d7ac5b426c3bbbfb59bff6051f963fc9d55239a48b06898. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AsyncRAT


Vendor detections: 7


Intelligence 7 IOCs YARA 37 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b2a4aca9ebb9d8032d7ac5b426c3bbbfb59bff6051f963fc9d55239a48b06898
SHA3-384 hash: 9712c3a03531709737b99391b8db3031f584408f4d83f962b92382fb88a9fd3827859adec2093f2e7611e31ccd7b48e4
SHA1 hash: 2f28360995b8f2473fe23efe335626b8e3527846
MD5 hash: 529ca8a8c17f56d766bfc300198502f1
humanhash: nevada-sink-massachusetts-lima
File name:Venom-5-HVNC-RAT-v5.0.4-x26d0u.zip
Download: download sample
Signature AsyncRAT
Create hunting rule
File size:17'385'072 bytes
First seen:2022-10-21 06:27:04 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 393216:hwsddNTnQDFMY6LzdP6XZn4JvsJ3Wchth88W3K4gD4FwwKOkZ3BDGJy:2STQwP6p4YrH8f3Kfue2Jy
TLSH T1D40733718AE6088ED9763D3AD289C9C661448B981A777EBD7E3D61DCCCCF65C4893320
TrID 80.0% (.ZIP) ZIP compressed archive (4000/1)
20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter JAMESWT_WT
Tags:AsyncRAT zip

Intelligence

File Origin
# of uploads :
1
# of downloads :
184
Origin country :
n/a
File Archive Information

This file archive contains 139 file(s), sorted by their relevance:

File name:System.IO.Compression.ZipFile.dll
File size:21'224 bytes
SHA256 hash: 7720ee13405ea8a3c204703a181e67dc6d66835e9df263c09d04d8b48b41eb26
MD5 hash: bb1a520f25bb93ace4dd0a060fba677d
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Runtime.CompilerServices.VisualC.dll
File size:21'784 bytes
SHA256 hash: 18a610b8bad43cf784cde4d4902a238f2281c2a677daae790cab55f6da915979
MD5 hash: 9f31b6954fd453f13b5f39da36f2e8eb
MIME type:application/x-dosexec
Signature AsyncRAT
File name:Extra.dll
File size:34'816 bytes
SHA256 hash: dae673b838de497c1aa8a558d4dd5963d90e8b21538cb0d9adce585ef6fbc915
MD5 hash: 17db58471bf45715ba46b5af7920d676
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Globalization.Extensions.dll
File size:25'992 bytes
SHA256 hash: c7e91bd148ed22ee1ff8ebd3e58b199a30af90aa37499bcf8da34409672f2ed9
MD5 hash: c7c93de0627833900b8379fd181b7351
MIME type:application/x-dosexec
Signature AsyncRAT
File name:Vestris.ResourceLib.dll
File size:77'824 bytes
SHA256 hash: c05a6f13106e2dd10ae279c3435fb63fbabdc328f94d8065231c3cacfff5fc4b
MD5 hash: 22fbd571c82399e06e0a7321eedef722
MIME type:application/x-dosexec
Signature AsyncRAT
File name:IconExtractor.dll
File size:10'752 bytes
SHA256 hash: 2c359ce857982f45b09af49dbccfb2ae302839acf1956e8325e7f854b339a8c9
MD5 hash: 7bcf61e29e5cbcd1b81d9ab72cbfed93
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Runtime.Serialization.Primitives.dll
File size:27'048 bytes
SHA256 hash: 575e26a455892f1fd77b730e6928f70b760e76094afe5bcb677d854daf869ac5
MD5 hash: 3373a24450373caf0cbb756e10097fd4
MIME type:application/x-dosexec
Signature AsyncRAT
File name:VenomRAT_HVNC.exe
File size:17'387'008 bytes
SHA256 hash: b4250aff983f1f588593baed1adb4797e6c1ab6225595ebd013b50348a57a459
MD5 hash: 5384c0396589430eeb3d1a2e05703e9a
MIME type:application/x-dosexec
Signature DCRat
File name:System.Text.Encoding.dll
File size:21'696 bytes
SHA256 hash: 0ab1f7f87b7c2afca57d394e4f4e262c82ba3209cb0a750cd66401fb33f21eca
MD5 hash: 7f65ccbf58c39f3853bb8dc4137dfd12
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Runtime.Serialization.Xml.dll
File size:24'816 bytes
SHA256 hash: 557858e44a51a74646ad07a85cba56af1da13ad26ac2f74ee5d8c3e8a171c221
MD5 hash: 9087373eee85190daf8915e614b1e4bd
MIME type:application/x-dosexec
Signature AsyncRAT
File name:netstandard.dll
File size:98'616 bytes
SHA256 hash: 8be4a2270f8b2bea40f33f79869fdcca34e07bb764e63b81ded49d90d2b720dd
MD5 hash: 0adf6f32f4d14f9b0be9aa94f7efb279
MIME type:application/x-dosexec
Signature AsyncRAT
File name:Information.dll
File size:27'648 bytes
SHA256 hash: 9fbfd1036e579edc9498625e86c45743e4ad8ecf5960f4a87a9402ba1236448f
MD5 hash: a7670d3509baa51af6566b93b185b854
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.AppContext.dll
File size:21'176 bytes
SHA256 hash: 9dc115ac4aadd6a94d87c7a8a3f61803cc25a3d73501d7534867df6b0d8a0d39
MD5 hash: 8cc4c7dfeb41b6c227488ce52d1a8e74
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Xml.XPath.XDocument.dll
File size:22'904 bytes
SHA256 hash: b33d08149a756a401628d11bfddfeeaca1f03c0578395bb061dae44f8a12ce5d
MD5 hash: a5f541655a9edc24f4b5184a40e40227
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.ComponentModel.dll
File size:21'192 bytes
SHA256 hash: 5e61d755616cb10524f5f31e9b70c65a7fff8e30e25ce711ac8b354d657ab479
MD5 hash: 632cc8ad69b76fd9bb5847de1e1439f7
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Diagnostics.TextWriterTraceListener.dll
File size:21'280 bytes
SHA256 hash: 63eab38ee9f4dcd686c8e6a4f01e1e2a9bb91e52b20ab4dde0c28061e9261860
MD5 hash: a964808487e671bb369dbc0e4dc5a947
MIME type:application/x-dosexec
Signature AsyncRAT
File name:Keylogger.exe
File size:10'752 bytes
SHA256 hash: a17a5bf35d8b784c3111632ba7e0c30a2c1a9c2c95b549235affc16d6d055477
MD5 hash: 4f846f2117c4eab285289b0090521b1e
MIME type:application/x-dosexec
Signature AsyncRAT
File name:FileManager.dll
File size:35'328 bytes
SHA256 hash: 50f93055604c7418fa0e5536afd0b4d535db752b5e7edf588cbc14c1570613a1
MD5 hash: dab76ee6ff2548a9bd45c0e582f4d90a
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Xml.XmlSerializer.dll
File size:21'712 bytes
SHA256 hash: 21493f7f615a099e795f7fae7ecce6082414d1d427790bdf4b103623a3ab34eb
MD5 hash: d9f02d9f7da653f82e75112a2ab99ce6
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Net.Http.dll.F08D.dll
File size:265'728 bytes
SHA256 hash: e043879249a6a0f0461b9f0c20dbd92345f03b322702831612b286d129226779
MD5 hash: 8e9aea6e036889ae2696260c760e0d0b
MIME type:application/x-dosexec
Signature AsyncRAT
File name:RemoteDesktop.dll
File size:37'888 bytes
SHA256 hash: 5bb6b6c1c4a1bcd5b53739f455fa06dc79b05a58c24dda17aebdb19700abf89d
MD5 hash: f75278e1fbfa2def4723a73daec54547
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Security.Cryptography.Primitives.dll
File size:21'784 bytes
SHA256 hash: b755d0b55a465d07c9dd3fc11822487d1e649b684aef91a4ce9b935b416a01b9
MD5 hash: a60084f9988c7907f7092c143c8d3818
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Diagnostics.Process.dll
File size:21'728 bytes
SHA256 hash: 28b165cddb82a2507114394ae398995ef8a50c549214f8678aa66054f6927754
MD5 hash: d86b0aca05321569d9383dc7c4e9e934
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Xml.XPath.dll
File size:21'176 bytes
SHA256 hash: 24daa1faee0478ba58febe8ee789eb88be0a14d350b57ad8b10690c55976b2e1
MD5 hash: 415e3ab72f17f10d646b3e2c7a76f612
MIME type:application/x-dosexec
Signature AsyncRAT
File name:SendMemory.dll
File size:31'232 bytes
SHA256 hash: 14be9c3ff0aaccd55a2fc7b17fe63009ae3a746c28623efd8a7e66150f715a32
MD5 hash: dd61babbbe5c58e8c7c87a1795ff63a6
MIME type:application/x-dosexec
Signature AsyncRAT
File name:Miscellaneous.dll
File size:87'040 bytes
SHA256 hash: 588ed6232c93d2e18a40051b02b6e0b0c2ce252b897667d5c6134166206c7396
MD5 hash: 8ed27058380bfe4ed4b7a761209ad623
MIME type:application/x-dosexec
Signature AsyncRAT
File name:Newtonsoft.Json.dll
File size:504'320 bytes
SHA256 hash: 78bedd9fce877a71a8d8ff9a813662d8248361e46705c4ef7afc61d440ff2eeb
MD5 hash: 5e02ddaf3b02e43e532fc6a52b04d14b
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Dynamic.Runtime.dll
File size:22'224 bytes
SHA256 hash: f600acc811720183c639cebe5618baf9c8135b85b9cbdc0758bc9b2dcc6dd7a9
MD5 hash: c5cadb1409f25b6a1c7a6dd4c2df236b
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Diagnostics.Tools.dll
File size:21'208 bytes
SHA256 hash: 260c6250ef9b57dca99b4cecc533f9a34857b5a32b5351202f776163841200aa
MD5 hash: 27c7d752c11c3f43f28eb31968e73e2b
MIME type:application/x-dosexec
Signature AsyncRAT
File name:Guna.UI2.dll
File size:2'135'552 bytes
SHA256 hash: ee4449bccf826cbc56c13087d54a1a69fd42464d437ce8f355ac6afb61df6829
MD5 hash: 0188fce753516183a41c4d146e337778
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Reflection.dll
File size:22'200 bytes
SHA256 hash: 63aaf632ee7f3bc852c4d71c742cf1d26f18f784f6c89113e056b2599ba8f514
MD5 hash: 1a3da139180e9fab380033d8d1fe3995
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.IO.FileSystem.Watcher.dll
File size:21'224 bytes
SHA256 hash: c9e2562f1a1b86acdb6957cf916aced9c4f8b71ebb16dfa0050252146205ad37
MD5 hash: 3772a3a7e55178ec90ecb607aba28511
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Collections.Concurrent.dll
File size:21'224 bytes
SHA256 hash: cc62f3b867d50083c2932061f20662c698d2e1a741c4d2f9df1fd2d435e3ef3c
MD5 hash: 559c98eb9633c7ba1bc813f8e6e0e9a5
MIME type:application/x-dosexec
Signature AsyncRAT
File name:client
File size:147'968 bytes
SHA256 hash: 9160b90fa4a6a9cf22f943dba92cec64e2dc03c2317b5d9ab50a753fc410ce43
MD5 hash: f4fdcb900e7af47100ac9e46945fbd55
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.ValueTuple.dll
File size:79'176 bytes
SHA256 hash: efd8155cec6f3683b701fe94f555d225332d283126bb36b36d9a20ea9d7fc724
MD5 hash: c8456355b990c6347ab2f3621e2010be
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Security.Cryptography.X509Certificates.dll
File size:22'832 bytes
SHA256 hash: 3c8630acb43c12a6a317227ff2922056ecd991fe945464fdf7ea81f1293a479f
MD5 hash: 06d000552ed6785988ae188fc35d1b86
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Linq.dll
File size:21'152 bytes
SHA256 hash: 349c7fbe9ae2b78c2f90239bddfcea5b16a0faac1fe83553a816c50c3e9089b1
MD5 hash: 5e33930fe2e0867cb1f9fabeddfbd7b1
MIME type:application/x-dosexec
Signature AsyncRAT
File name:FileSearcher.dll
File size:286'720 bytes
SHA256 hash: a91d0552200064646768b1fcd393568ca6144279ef0543aee6a74c4d11c34f49
MD5 hash: a186a27b6e893b60bf236120a6a329a7
MIME type:application/x-dosexec
Signature AsyncRAT
File name:ReverseProxy.dll
File size:14'336 bytes
SHA256 hash: 5d360a46eca2f0721cb7b7080fabc41595d9acf25aa787ce76f8dd091a6d8049
MD5 hash: f83d9cf1d492d2c87e25c4584b0e2691
MIME type:application/x-dosexec
Signature AsyncRAT
File name:Client.pdb
File size:60'928 bytes
SHA256 hash: d5247c86c7402df8e64573e385ad7353f141dab59abc731fff3fe6a98a63e6b0
MD5 hash: 008329249cc3e88aa1d6b89f409ccd13
MIME type:application/x-ms-pdb
Signature AsyncRAT
File name:System.Linq.Expressions.dll
File size:22'224 bytes
SHA256 hash: bf97f67165231c2a42b95f11d80337b082e2b2be54351da44c8a10c06194b369
MD5 hash: 3b49bf361f3116de28176b40845bc199
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Globalization.Calendars.dll
File size:21'744 bytes
SHA256 hash: b56ffb65b842daae13f3020b0b04646db92f89801d2a2f89087d145a996d43f7
MD5 hash: ac2f4b435ddf0600d7a866f42f3b40d9
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Linq.Parallel.dll
File size:21'192 bytes
SHA256 hash: 30a49d16436e3a05569c99a0c2d21755c2fa323c5b925f9f21c10287cc97d9c9
MD5 hash: 8be0caa60074176fa1e7e63c0aeb6c01
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Threading.Thread.dll
File size:21'200 bytes
SHA256 hash: 9d4faea9892d4ecfabf61986687fc6cb30f5f51a6b62819b9571ff58e04c4dd5
MD5 hash: fdb3a743b2dae5924cba88a5c865128d
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.IO.MemoryMappedFiles.dll
File size:21'216 bytes
SHA256 hash: 81b6527ac2d18782ac24ae463c11dd1d70ab1bc89f626b7347a592229b371a1d
MD5 hash: 34e21101faf71a27c6819cc051debc9d
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Security.Principal.dll
File size:21'208 bytes
SHA256 hash: 02416bc542be82002b8b81adbbbcdcc8d098104020d09b571dc674b5bc19a177
MD5 hash: 6dcd91b6a029794728f4edeb2bf2e42d
MIME type:application/x-dosexec
Signature AsyncRAT
File name:7z.exe
File size:446'976 bytes
SHA256 hash: c7245e21a7553d9e52d434002a401c77a7ca7d0f245f2311b0ddf16f8f946c6f
MD5 hash: 3e797119e0fd64297cb82794b8d68edd
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Net.Requests.dll
File size:21'184 bytes
SHA256 hash: f2e74a3ec2dc753c9a48fa9a677775f949eb1e02fc1bb8bf38c39e8d2ab147eb
MD5 hash: 28141960a88365df6a60b0c6ff831b0b
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Diagnostics.Tracing.dll
File size:31'608 bytes
SHA256 hash: b84b93be455cc7d14ec0c88ce08dafac7b6aac2e549c969e7126eb48c31f8b1c
MD5 hash: 60f59659db517c2f4dd4c5c583d43097
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Net.Security.dll
File size:21'696 bytes
SHA256 hash: d0d90152136a0acf340fb345098f2e5c718bb13f3b5a809d7be4d9948b8574d4
MD5 hash: 8d00682e84d1d773d2160b63c0380ba6
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Net.Ping.dll
File size:21'168 bytes
SHA256 hash: 4d97e8481b9a27042bb903245625735d82ff627c66797de619303c1e705d0d6a
MD5 hash: 2a459c2c395f54352a16de4aa0e5407f
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Drawing.Primitives.dll
File size:21'208 bytes
SHA256 hash: 2805a18724a24034ad6acb315dac516e479cecc5f3753204052657e560932d5d
MD5 hash: 29b0a1554e54611ebba7911049f26fd3
MIME type:application/x-dosexec
Signature AsyncRAT
File name:Recovery.dll
File size:1'325'568 bytes
SHA256 hash: d446330954f19467b8e8b09b4773781c54292c2a3dbdeab27619baac0664074e
MD5 hash: 902c646c9cfad54cb1271b8d4db4ce10
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.ComponentModel.EventBasedAsync.dll
File size:21'768 bytes
SHA256 hash: 22108e32e0b6e42f5f52a4cb17b9b6fa3dfd547ecd9eef9c67226dbec54d23e5
MD5 hash: 6067ecbab3c6dddb6bf7c49c7948caa8
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Collections.dll
File size:21'696 bytes
SHA256 hash: c2250e9e51b44d8ab8c5b892592766925f6580ee00b95026621d0afb037c2707
MD5 hash: 1d8aafeca1ea565b257384d3f64864b0
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.IO.dll
File size:21'144 bytes
SHA256 hash: c191a43029edd4eb8eee003356f1fe79aa45071c25433a7a3589590e9089eed9
MD5 hash: 809fdbd7422a3e02c89244dc530a3367
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Net.NetworkInformation.dll
File size:22'248 bytes
SHA256 hash: 2e2d28a0802d8c8c08c0d422f48733ad8bf1dfae75f5682a4a3df8898e7e819f
MD5 hash: f39a35095cfd0019d6d4bb8461750bf0
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Runtime.dll
File size:29'360 bytes
SHA256 hash: 50ad612d4cf6113de26b2870da099c4817f59e64a2da98f05803b4a2e2304919
MD5 hash: 0e35085c130d2d91e5241334be7ef0da
MIME type:application/x-dosexec
Signature AsyncRAT
File name:VenomRAT_HVNC.exe.config
File size:3'048 bytes
SHA256 hash: 5c939c46f9d81cb75180c897feb5044176ed44cd0d51e076149bd82425e4ef44
MD5 hash: fa21c166232c3b29f8d2d14557490c9c
MIME type:text/xml
Signature AsyncRAT
File name:crack.exe
File size:18'432 bytes
SHA256 hash: b4b1dd5fc206b0089ca1e7d613d6475a9a06bbcf4c207830d7c0cf02a94ae79a
MD5 hash: 2a62b2d78f2c0f2efd39f07641d231e1
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Net.Sockets.dll
File size:30'544 bytes
SHA256 hash: 694f4c61b6bae0aefac07a1e861c12c03cb6002f30091e4c8b05bb9c8ccf0d3d
MD5 hash: 8c9d9f45b85526e491f6555b1566a41c
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Net.WebSockets.dll
File size:21'192 bytes
SHA256 hash: 99920ce34a01a0c07efd86d6e134bb401993515d001b7567a4116ad222993a63
MD5 hash: 2e6378feaeee2f745417fc025c7850f9
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Xml.XmlDocument.dll
File size:21'712 bytes
SHA256 hash: 8957f0bcea6ab8a011a53ae62466505199f11a228f87f3809931d974f87078ce
MD5 hash: 328d12af9613b0f3f25320b85dcccbf4
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.IO.UnmanagedMemoryStream.dll
File size:21'232 bytes
SHA256 hash: 86f1f12e47f260985b08bb966598123578eb5e48bef9bb086f04e16e9d53bb32
MD5 hash: d74405753f829e75e89bba5ebc296112
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Xml.XDocument.dll
File size:21'696 bytes
SHA256 hash: 4f6a14e4ba2a2b26b8b8433d5f82f75a96af5a4f036d9447373b07271493917b
MD5 hash: 37e21b63959f243a157534133f85c5af
MIME type:application/x-dosexec
Signature AsyncRAT
File name:BouncyCastle.Crypto.dll
File size:2'572'288 bytes
SHA256 hash: 5530dff976bc0c889076b97ca695bdb97ef07f63449d32f893ed32398ed8bfe6
MD5 hash: 3551343fab213740bbb022e3a6dcf27b
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.ObjectModel.dll
File size:21'696 bytes
SHA256 hash: 870ee1141cb61abfce44507e39bfdd734f2335e34d89ecfffb13838195a6b936
MD5 hash: 55d9528d161567a19dbb71244b3ae3ce
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.IO.Compression.dll
File size:81'776 bytes
SHA256 hash: 9d6216631d192a881c170fba413599f6c79442fa1e933c2000530444d207522d
MD5 hash: b74495ce791ceb565e17ac6ef7417b7e
MIME type:application/x-dosexec
Signature AsyncRAT
File name:Netstat.dll
File size:28'160 bytes
SHA256 hash: 479371c859f9e18a38b0832cc49b817cbec3970d1820badd5e274a7809afdeea
MD5 hash: f0da85bd2bda4f27567910b80481b920
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Diagnostics.TraceSource.dll
File size:21'744 bytes
SHA256 hash: c81a57d0634c462a6cf49844059e9b170f650ccdf0789519ffd4ae7d28e2718d
MD5 hash: 37be4cce0ed037f8d9a7a3940bd2a2e1
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Runtime.Handles.dll
File size:21'200 bytes
SHA256 hash: 7a81d2a001b543b2a55c9affc845a5df7edab1fd308c6979bbd982b1b826b57c
MD5 hash: 65fbba7a86b3e175200ae44727ab40e5
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Resources.Reader.dll
File size:21'200 bytes
SHA256 hash: e3036362506d96c9c00ed6393a2afcacd9f2e71cd2a35c1d638a61e85d2fb040
MD5 hash: f1cc91d25b52c7504dc5beab5d0f498c
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.IO.IsolatedStorage.dll
File size:21'208 bytes
SHA256 hash: 0e80a2e256d16e487bc847d1857ed7cd088f176254ba2a385d675338b836b0fc
MD5 hash: ab8d293bcd7a13e83565b4afa8438988
MIME type:application/x-dosexec
Signature AsyncRAT
File name:ProcessManager.dll
File size:28'160 bytes
SHA256 hash: e7d1a49c2c1ebce3b465f5a97d1771bd7681a263b676b0311a3ad9e58b87e1f9
MD5 hash: 97a477186db32bb9020166069dbc25bc
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Threading.Tasks.dll
File size:22'224 bytes
SHA256 hash: 0110616dfe870b8bcf25df8f6ce38ef5aac39e728ddaa3420ea199f5a7e80a16
MD5 hash: 0ad301ee2b7282b87dcd0d862efe14dc
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Net.NameResolution.dll
File size:21'208 bytes
SHA256 hash: 222bd77c5692c2961e8c3638f6511d6f7cbeb9e0977e2d5c3bca6739a5311f37
MD5 hash: 2eec710dbaacd32bedfca09eca8de52d
MIME type:application/x-dosexec
Signature AsyncRAT
File name:Information.txt
File size:73'154 bytes
SHA256 hash: 947eac68e7320c369172fe7f56f27e3e116b21bdf5781daf080b52efac579c04
MD5 hash: 3874cfc74252df3a137c33a1d0d6be1d
MIME type:text/plain
Signature AsyncRAT
File name:Chat.dll
File size:466'944 bytes
SHA256 hash: dfa246c2763bf5df442a81128b3587f7bf530e4327f631cdd4dd79106738cf31
MD5 hash: 8fc1192cf52f55ed5efb5e12210a37bf
MIME type:application/x-dosexec
Signature AsyncRAT
File name:Regedit.dll
File size:288'768 bytes
SHA256 hash: 0e9445775af2f2377469ccf463ffae76290f74ad6bfa324cbb0b156d971bc32b
MD5 hash: f5f2798e0ea216d11aedb8257b7cdfe8
MIME type:application/x-dosexec
Signature AsyncRAT
File name:Logger.dll
File size:29'184 bytes
SHA256 hash: f744c46e4c678d65d9682a0f42dc2b82277ea2d879eeb3d708fb70af2af40a94
MD5 hash: 3717491f7b1a90aaa5f271ab14147a9b
MIME type:application/x-dosexec
Signature AsyncRAT
File name:Client.exe
File size:64'512 bytes
SHA256 hash: 5bf4fc2c4d3115229d60511cad1af48019a4c291ad6144e73393e88e319f80a5
MD5 hash: 6158c0682f86511060619bba0fe864be
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Security.Cryptography.Csp.dll
File size:21'240 bytes
SHA256 hash: 566775f5502c3c1fa70acade145293df5d02c1a9f031820d429605e9b4584b44
MD5 hash: f554762fc38f81cb22d1dc8ab5cd40d5
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Data.Common.dll
File size:154'448 bytes
SHA256 hash: 1c7bff6f16bb618648e699b723aeafe511515cd6aad699c25faae2a507e22811
MD5 hash: d712a5a82a446086443ce00b610d8a5d
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Reflection.Primitives.dll
File size:21'736 bytes
SHA256 hash: 0383dc02fdf0b5d4612d8caaad13d594cac1609c8240b73dfd6ea5803f5e17ea
MD5 hash: cf318475e6a7a56789abb0f98c37abe1
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Resources.Writer.dll
File size:21'200 bytes
SHA256 hash: daaabd07f1b94be19d72913360286e469f454886850afcc603506eaab03150e4
MD5 hash: 05d1b950c470ea8b0aa357f9a59cf264
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Net.Primitives.dll
File size:22'216 bytes
SHA256 hash: 9a8ba725f8e953c933285065228a9409036f9137d03016b127ccea8a19452466
MD5 hash: 562f67001889cdbc2531947636418ee5
MIME type:application/x-dosexec
Signature AsyncRAT
File name:MessagePackLib.dll
File size:18'944 bytes
SHA256 hash: 007a50a1275964e14abecc461549ae495147417d601c5900f3105330bb2e4a4f
MD5 hash: aff009b639ba8794200e91f7ea8915d9
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Diagnostics.FileVersionInfo.dll
File size:21'248 bytes
SHA256 hash: 7c25a74772e135257235640a0264ddc05235e14f3627896cfe735e9955155f83
MD5 hash: 0d9a641105098d642567b22101a4de0b
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Threading.dll
File size:22'192 bytes
SHA256 hash: 4dc8d588ec63641c28422d648e8de5e2c030eb7afec2071a99dd3bd9a204557f
MD5 hash: 11d674cfc81b7102c0bc6ffe58f6ac5e
MIME type:application/x-dosexec
Signature AsyncRAT
File name:cGeoIp.dll
File size:2'405'888 bytes
SHA256 hash: d1ddd15e9c727a5ecf78d3918c17aee0512f5b181ad44952686beb89146e6bd0
MD5 hash: 6d6e172e7965d1250a4a6f8a0513aa9f
MIME type:application/x-dosexec
Signature AsyncRAT
File name:Audio.dll
File size:26'112 bytes
SHA256 hash: 1323a7212239513270077e07cb436af721acedb0c21c99b06c163a230baaa50a
MD5 hash: 025864d133e416f144030cf22ea9f2c3
MIME type:application/x-dosexec
Signature AsyncRAT
File name:VenomRAT_HVNC.pdb
File size:949'760 bytes
SHA256 hash: c754a924a7b1df1c44a0dfc330b2e051ef47c03b711e6bf3b499035f3652ad61
MD5 hash: 2364cc04dedcc2ee6b346b1f2e59eb39
MIME type:application/x-ms-pdb
Signature AsyncRAT
File name:System.Console.dll
File size:21'160 bytes
SHA256 hash: b537313413f80105f143cc144feeae2ac93f44747727de309a71d57d2650034a
MD5 hash: ea9376c17ee0148f0503028ad4501a92
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Threading.Timer.dll
File size:21'200 bytes
SHA256 hash: 04b9235f64c9c846f8a767230714895da87c7ae2cd0105e9d14835ae46f0fed8
MD5 hash: 824053272b268c577e9adf17ed398142
MIME type:application/x-dosexec
Signature AsyncRAT
File name:Fun.dll
File size:37'376 bytes
SHA256 hash: 2b25c33a033bdc85ea4db8c3ea89bbfc7d1a1dd80d21a1835bba5672759efdd9
MD5 hash: e07004ec43ed994b9a11999145f5a43a
MIME type:application/x-dosexec
Signature AsyncRAT
File name:Options.dll
File size:386'048 bytes
SHA256 hash: 0460389a3845a271ba5d65b30b66c57458f2373d75aad94e92416d772d06df5d
MD5 hash: 0fd19be97a94b00e440d14b06449cf92
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.IO.FileSystem.dll
File size:21'192 bytes
SHA256 hash: 9a4595dbb128e2d8f373b3ac45478e7131f4d181b50ec821ec8cb88bd46bd5b8
MD5 hash: bfceb4faca75681137455cd70f8038b6
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.ComponentModel.Primitives.dll
File size:21'752 bytes
SHA256 hash: bfcd867f71c887429dfe008d7ec5d1853d15b3932d4ce8991694293477b5be37
MD5 hash: 2f39655ccfc010e32a7240d9bf5d0852
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Diagnostics.Contracts.dll
File size:21'736 bytes
SHA256 hash: 9c4ae61e0e8365762efe3d34c5595029f2c12e0079e6070720e2cef0882c84e5
MD5 hash: 99373ab10858746aad424f28b48277f5
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Diagnostics.Debug.dll
File size:21'208 bytes
SHA256 hash: 55a30d92d163cf1807bea6dc13b4c13e70aebbb034dc77eaef4f4394730dcd8e
MD5 hash: 8b8c402311d7ab87e588675e736414fd
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Xml.ReaderWriter.dll
File size:21'712 bytes
SHA256 hash: 5f560e1dd529bb2529d7052e04008449f58d0439c2bb43437d7b5d39f84f949f
MD5 hash: 090ff56c4fe2eeff2e16f03099ad71e1
MIME type:application/x-dosexec
Signature AsyncRAT
File name:SendFile.dll
File size:29'184 bytes
SHA256 hash: 072d48161b09b35ea7f698a4dd7708005e2c39ce96fde8dd140da5d3ff900c54
MD5 hash: 38b26e87939cb40613f0aa2fce3372af
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.ComponentModel.TypeConverter.dll
File size:22'784 bytes
SHA256 hash: 0dbb92ecd5dfa7fc258bc6deed4cecf1b37f895457fd06976496926abdb317bb
MD5 hash: d1699287934da769fc31e07f80762511
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Runtime.InteropServices.RuntimeInformation.dll
File size:28'624 bytes
SHA256 hash: 76432f414458e93b54ceb02fc348e652a84744108102f3a83792d8a804040eb8
MD5 hash: 05af54a1c6450b98ad0fb0e857b6a523
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Net.WebHeaderCollection.dll
File size:21'232 bytes
SHA256 hash: 69b48ff8e6f40b84cdddb95bcdbb34e1184a2e29cb4ccc0fc9f1a2493648ee37
MD5 hash: 7da1fee108a0750f47b70f25fe2cc55a
MIME type:application/x-dosexec
Signature AsyncRAT
File name:ServerCertificate.p12
File size:1'815 bytes
SHA256 hash: 676b682456910aec732f9061663309d79b1bd84a8956492881fb45d757a8427f
MD5 hash: 9eb35831c5fc4c2faa95c0490da1fd97
MIME type:application/octet-stream
Signature AsyncRAT
File name:System.Runtime.Numerics.dll
File size:21'200 bytes
SHA256 hash: 16e7efd6c19b2e3e516ae1bc7b3175d0e22f1ad357701f229e353da348eee182
MD5 hash: 6ccca0ba6a7b9caf8b8d3b0287dbed8b
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Net.Http.dll
File size:198'472 bytes
SHA256 hash: b5d20736f84f335ef4c918a5ba41c3a0d7189397c71b166ccc6c342427a94ece
MD5 hash: 665e355cbed5fe5f7bebc3cb23e68649
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Threading.Tasks.Parallel.dll
File size:21'232 bytes
SHA256 hash: 3468e0c875db94a8f45d56ab76bbcc677b942ca51a23649ba3c5ad1b20e391f1
MD5 hash: 9088029e38b2a393f22afd9e576ce86e
MIME type:application/x-dosexec
Signature AsyncRAT
File name:protobuf-net.dll
File size:275'456 bytes
SHA256 hash: 042b8c1c1e0eb7648b164ee48c95168c48324f1fb439cabd5f2e41db0938d807
MD5 hash: 4a4756e227c10623d81228bc4bc49c1d
MIME type:application/x-dosexec
Signature AsyncRAT
File name:Vestris.ResourceLib.2.2.0-beta0004.nupkg
File size:347'928 bytes
SHA256 hash: 7296ba826122f5130cbe9f9adf364175a900c34b7803eca7ea4dfee2b0c74ea8
MD5 hash: 849b21794509f4f0f1e0871e9b414bb1
MIME type:application/zip
Signature AsyncRAT
File name:System.Security.Cryptography.Encoding.dll
File size:21'256 bytes
SHA256 hash: 1f5c1abe1b2720680170388569354d8cda9d558b53aff7caf175ce0f7e3733e5
MD5 hash: 7ab10b31c5ce290672b319d403751e95
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Diagnostics.StackTrace.dll
File size:23'936 bytes
SHA256 hash: cae99f910874288afbf810968d13b79d755cd4b2006609ec036ea4934181cba5
MD5 hash: fa98a0f020248c2be1dd40c07092f22a
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.IO.Pipes.dll
File size:21'168 bytes
SHA256 hash: 80a229b2917fc3a5d941ff9745a6be0065028afdf9509300410d2721c71f1198
MD5 hash: 58a2e5ac0510b9223236b9317c505b58
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Security.SecureString.dll
File size:22'392 bytes
SHA256 hash: 18032d190d0d599823e59c8dd8b588909bef8888b8bf304723a138b61f1b911f
MD5 hash: 4523f60270149bad67f6ae63375d2cdb
MIME type:application/x-dosexec
Signature AsyncRAT
File name:Vestris.ResourceLib.xml
File size:293'799 bytes
SHA256 hash: 02b4fd6d46ffc9411e4688a5b088fbc7d34062024e1c93637535e093319c35b6
MD5 hash: 5d2dee455b4003b6624b6dd890edb279
MIME type:text/xml
Signature AsyncRAT
File name:dnlib.dll
File size:1'147'392 bytes
SHA256 hash: 962332e8c8cb459fb2f7dacec5d7a618cc53b1b49bc1740156398c89742f43fd
MD5 hash: 4d0b771879de85137ee7e5f0d4bb4b16
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Runtime.Extensions.dll
File size:21'720 bytes
SHA256 hash: f9feb277f86241f55425182a26decf50a210675d4f040ec542af3fb3dd287de6
MD5 hash: b0346a4c5fa0fac135509a0e7d3c4449
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Collections.Specialized.dll
File size:21'224 bytes
SHA256 hash: 938da38561da54793944e95e94b6e11cf83aacd667487297d428fbce1c06dc9c
MD5 hash: b52c339601cb264f83df72d802e98687
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Runtime.Serialization.Json.dll
File size:21'240 bytes
SHA256 hash: e8d531f0aaa674f794b7f43ec76e4e32ad93f3c136020cf4b6e3433832f9c0df
MD5 hash: e1e2239979b853157ba75310fea7e65d
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Runtime.InteropServices.dll
File size:24'296 bytes
SHA256 hash: 383a1f9dac655c6805c24d4a03bc5fbeb9abd1536de5510f5756259eefcb4871
MD5 hash: d7e74ea95786a02687ce43c356abdc95
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Text.Encoding.Extensions.dll
File size:21'232 bytes
SHA256 hash: cbe29672cd2b6a0ea97b55f3844fbede3e591996f39c3aa1f829f2fa50551fa9
MD5 hash: d40515a84448b91315f956e6d1a6c64b
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Security.Cryptography.Algorithms.dll
File size:47'016 bytes
SHA256 hash: 967dddbfe7f1ceb933b5875d65c59cdb835bb063f287a361e8b35dd814a9b14d
MD5 hash: e4a1681e09aec6efb00fb2a9355a1296
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.IO.FileSystem.Primitives.dll
File size:21'232 bytes
SHA256 hash: 5c84dd40d67c0e59906511d2b09da8e28c454b5979eb5fde74213f9d4bdbc564
MD5 hash: 51b07204081bde29a1f84a3b48554186
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Reflection.Extensions.dll
File size:21'224 bytes
SHA256 hash: 3d2551d6458b84566025fddfe5dad479cab5785428efd6814860d36ad1811c9a
MD5 hash: defaadd4a92d4d348b0827ab8159d2fe
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Text.RegularExpressions.dll
File size:21'232 bytes
SHA256 hash: c98a52bd017df01aea7b955e6f219537d391a62c2c2b976684da282f9cd7cacf
MD5 hash: 7d317d88f9860a18ecf7fb90b33995d3
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Runtime.Serialization.Formatters.dll
File size:21'264 bytes
SHA256 hash: c343f7bf08a4c97a90ba607a492c721533333173fa63f65f6e5de9ceee65fc16
MD5 hash: a42c32f4e98a9656fc2fed72d30e9380
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Security.Claims.dll
File size:21'200 bytes
SHA256 hash: 8270d1248950ee8aee5c2ac2e321df07e65c7a94004ae03c857deacd231a5542
MD5 hash: 99604779c668d9b8ef913854b9a24f9d
MIME type:application/x-dosexec
Signature AsyncRAT
File name:RemoteCamera.dll
File size:112'128 bytes
SHA256 hash: 4cbce783aff5305afd5e15e60f077ac5dd2b9d40effacf1089d766c02e7fa112
MD5 hash: 59361cf454809302313c7a4c2403ba0d
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Collections.NonGeneric.dll
File size:21'224 bytes
SHA256 hash: 529943c0cdf24f57e94bf03fac5f40b94a638625027a02df79e1e8cb5d9bc696
MD5 hash: 45ff71114047dbf934c90e17677fa994
MIME type:application/x-dosexec
Signature AsyncRAT
File name:Microsoft.Win32.Primitives.dll
File size:21'216 bytes
SHA256 hash: 5eaa2e82a26b0b302280d08f54dc9da25165dd0e286be52440a271285d63f695
MD5 hash: 76b8d417c2f6416fa81eacc45977cea2
MIME type:application/x-dosexec
Signature AsyncRAT
File name:Discord.dll
File size:27'648 bytes
SHA256 hash: 6a43095314d5e32db307eef638d2f5afea7dd40ff6acda24fc28ce0c1632cb6a
MD5 hash: b591cff18fd7344243cf8a4eca624a65
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Globalization.dll
File size:21'192 bytes
SHA256 hash: 56bd0c02c734abf4d7fd1ef2e8b6a9e4bf5e4bab4e606cd1023d63b02852fa61
MD5 hash: ae023bb0beee5189a07c7fd4e0cf3fca
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Net.WebSockets.Client.dll
File size:21'224 bytes
SHA256 hash: 19766a20b62b038abc3e863f2d6e7b55fabee4d9cbcad3eb1d7bd3ebfe8d023a
MD5 hash: e06bae626965fbdb0bae5437498b5155
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Threading.Overlapped.dll
File size:37'752 bytes
SHA256 hash: f17ff442b77a6cfe9c118d2f8fae1ab6c814a0d4f35c5844996be84f3fcc8592
MD5 hash: 1a890c488cf2ecd406b804e7e3c5b7f0
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.IO.FileSystem.DriveInfo.dll
File size:21'232 bytes
SHA256 hash: 984575c44cab17d46587af6cc8c22c409b79bec280fd771e6af93a0a0c20e5b0
MD5 hash: 2fcb2158fc41d97e2bb71953664b99b9
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Threading.ThreadPool.dll
File size:21'216 bytes
SHA256 hash: 3d9ebc81b1bd3234666c8ce403a5f17a726867c68ffa5de4ec8ee92599335658
MD5 hash: 18ce4ecc42fc8d999ef091d812472cf0
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Resources.ResourceManager.dll
File size:21'232 bytes
SHA256 hash: 62dce4679e33c079e11f41b096bc803b30b1d963a1ea79efa84187cebbc06afe
MD5 hash: 9e71dfce86f14beeb8f3e9f00d0a472e
MIME type:application/x-dosexec
Signature AsyncRAT
File name:System.Linq.Queryable.dll
File size:21'192 bytes
SHA256 hash: 719ac73bb261e0a13574f5a198126ccf40352264958defb555280d005134c704
MD5 hash: e04cdb6229d83768285acb08d870f23a
MIME type:application/x-dosexec
Signature AsyncRAT
Vendor Threat Intelligence
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
overlay packed packed
Link:
https://www.filescan.io/uploads/63523bf466721ebd9b2f5895/reports/31b0066f-6675-40e8-8024-689e1c8b16c7/overview
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/b2a4aca9ebb9d8032d7ac5b426c3bbbfb59bff6051f963fc9d55239a48b06898
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b2a4aca9ebb9d8032d7ac5b426c3bbbfb59bff6051f963fc9d55239a48b06898/
Threat name:
ByteCode-MSIL.Backdoor.AsyncRAT
Create hunting rule
Status:
Malicious
First seen:
2022-10-21 03:59:01 UTC
File Type:
Binary (Archive)
Extracted files:
778
AV detection:
21 of 26 (80.77%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=wkskzkplxhmagll2yw2cnq53x62zx73akh4wh7e5kurzusfqncma._file
Result
Malware family:
asyncrat
Create hunting rule
Score:
  10/10
Tags:
family:arrowrat family:asyncrat botnet:%group% agilenet rat
Link:
https://tria.ge/reports/221021-g8cavsffd3/
Malware Config
C2 Extraction:
%Hosts%:%Ports%
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.50
Link:
https://yomi.yoroi.company/submissions/b2a4aca9ebb9d8032d7ac5b426c3bbbfb59bff6051f963fc9d55239a48b06898

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:extracted_at_0x44b
Create hunting rule
Author:cb
Description:sample - file extracted_at_0x44b.exe
Reference:Internal Research
Rule name:INDICATOR_EXE_Packed_Fody
Create hunting rule
Author:ditekSHen
Description:Detects executables manipulated with Fody
Rule name:INDICATOR_SUSPICIOUS_EXE_DcRatBy
Create hunting rule
Author:ditekSHen
Description:Detects executables containing the string DcRatBy
Rule name:INDICATOR_SUSPICIOUS_EXE_DcRatBy
Create hunting rule
Author:ditekSHen
Description:Detects executables containing the string DcRatBy
Rule name:INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
Create hunting rule
Author:ditekSHen
Description:Detects executables containing URLs to raw contents of a Github gist
Rule name:INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice
Create hunting rule
Author:ditekSHen
Description:Detects executables attemping to enumerate video devices using WMI
Rule name:MALWARE_Win_DLAgent10
Create hunting rule
Author:ditekSHen
Description:Detects known downloader agent
Rule name:MAL_AsnycRAT
Create hunting rule
Author:SECUINFRA Falcon Team
Description:Detects AsnycRAT based on it's config decryption routine
Rule name:MAL_AsyncRAT_Config_Decryption
Create hunting rule
Author:SECUINFRA Falcon Team
Description:Detects AsnycRAT based on it's config decryption routine
Rule name:meth_get_eip
Create hunting rule
Author:Willi Ballenthin
Rule name:pdb_YARAify
Create hunting rule
Author:@wowabiy314
Description:PDB
Rule name:pdb_YARAify
Create hunting rule
Author:@wowabiy314
Description:PDB
Rule name:pe_imphash
Create hunting rule
Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash
Rule name:SUSP_DOTNET_PE_List_AV
Create hunting rule
Author:SECUINFRA Falcon Team
Description:Detecs .NET Binary that lists installed AVs

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

AsyncRAT

zip b2a4aca9ebb9d8032d7ac5b426c3bbbfb59bff6051f963fc9d55239a48b06898

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2381444/
  
Delivery method
Distributed via web download

Comments