MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e06dd348a334de7e2e43ef7a3739d4b4cf792b615595262aa212eec4e3005564. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	e06dd348a334de7e2e43ef7a3739d4b4cf792b615595262aa212eec4e3005564
SHA3-384 hash:	56a99686ba084a3913577820281da0350cc678a15b22f043bbeb5e2452ee5f1ac8678219e50bf418cd8dacae6851c536
SHA1 hash:	b91485e44591972ce74c2d4d62d04b348390613e
MD5 hash:	cecc0b843dcea78ba859efbb922041ed
humanhash:	carolina-music-december-fix
File name:	UKM301.bat
Download:	download sample
Signature	AsyncRAT Alert Create hunting rule
File size:	2'282 bytes
First seen:	2026-03-31 17:53:52 UTC
Last seen:	Never
File type:	bat
MIME type:	text/plain
ssdeep	48:1o/BfScAObEpEu+3tj0udzokhin49J194JS9aCdJ1/pHhBaJr:1o/nEGXj2khisJ344aC1pHhEZ
Threatray	759 similar samples on MalwareBazaar
TLSH	T1C44142421CAAA5310136C777B2244186FA5E23870F81FACD7A95808D2F5D2A7CBDF985
TrID	66.6% (.TXT) Text - UTF-16 (LE) encoded (2000/1) 33.3% (.MP3) MP3 audio (1000/1)
Magika	batch
Reporter	kirkderp
Tags:	AsyncRAT

Intelligence

---

File Origin

# of uploads :

1

# of downloads :

53

Origin country :

US

Vendor Threat Intelligence

ACCE

Gathering data

ANY.RUN asyncrat

Malware family:

asyncrat

Alert

Create hunting rule

ID:

1

File name:

bank_statements.pdf.zip

Verdict:

Malicious activity

Analysis date:

2026-03-30 22:45:15 UTC

Tags:

webdav python asyncrat rat remote xworm auto generic arch-exec arch-doc stealer netreactor purehvnc amsi-bypass

Link:

https://app.any.run/tasks/f4db70e7-02a9-4253-bb8d-07685cbea743

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

CAPE Sandbox

Gathering data

ClamAV Detected

Detection(s):

Sanesecurity.Malware.BadBatObs.31934.UNOFFICIAL

Alert

Create hunting rule

CyberFortress Malicious

Verdict:

Malicious

Score:

81.4%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69cc0a573a18a6e1ddf0181f

Tags:

autorun dropper shell sage

Dr. Web vxCube Malware

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a file

Creating a process from a recently created file

Creating a window

Running batch commands

Creating a process with a hidden window

Launching a process

DNS request

Connection attempt

Sending a custom TCP request

Sending an HTTP GET request

Enabling autorun by creating a file

FileScan.IO Malicious

Verdict:

Malicious

Threat level:

  10/10

Confidence:

100%

Tags:

anti-vm cscript evasive explorer fingerprint lolbin obfuscated timeout wscript

Link:

https://www.filescan.io/uploads/69cc11c3972c219c8d73bb0e/reports/a9ff72b2-33fb-4071-a2da-fb09adc8296b/overview

Hybrid Analysis DR/SNH

Verdict:

Suspicious

Labled as:

DR/SNH

Link:

https://www.hybrid-analysis.com/sample/e06dd348a334de7e2e43ef7a3739d4b4cf792b615595262aa212eec4e3005564

Kaspersky OpenTIP Malicious

Verdict:

Malicious

File Type:

unix shell

First seen:

2026-03-31T18:59:00Z UTC

Last seen:

2026-04-01T07:58:00Z UTC

Hits:

~10

Detections:

Trojan.BAT.Runner.ef

Link:

https://opentip.kaspersky.com/e06dd348a334de7e2e43ef7a3739d4b4cf792b615595262aa212eec4e3005564/results?tab=lookup

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/e06dd348a334de7e2e43ef7a3739d4b4cf792b615595262aa212eec4e3005564/

Neiki Trojan.BAT.Runner

Verdict:

Malicious

Threat:

Trojan.BAT.Runner

Link:

https://tip.neiki.dev/file/e06dd348a334de7e2e43ef7a3739d4b4cf792b615595262aa212eec4e3005564

ReversingLabs TitaniumCloud Win32.Dropper.Generic

Threat name:

Win32.Dropper.Generic

Alert

Create hunting rule

Status:

Suspicious

First seen:

2026-03-31 17:54:26 UTC

File Type:

Text (Batch)

AV detection:

1 of 36 (2.78%)

Threat level:

  3/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=4bw5gsfdgtph4lsd555dooouwthxsk3bkwksmkvcclxmjyyakvsa._file

Threatray donutloader asyncrat

Verdict:

malicious

Label(s):

donutloader

Alert

Create hunting rule

asyncrat

Alert

Create hunting rule

Similar samples:

187892400b7506d72a75d516ad1afb001478bb29e631553a688f4d181285bf0a

AsyncRAT

5064aa4a8a667768fde17cf14512f06eb5ae6a8e4dc8f2b63541705563a34562

AsyncRAT

6f8196f6de261c3b0d45e9b847ae3cf706d99732778a7f86b954ea23e3dd342b

AsyncRAT

c068cc48bec2df63dd7b04434b7692535ae447275d2328b1a3e797c5652ceb3c

AsyncRAT

e108eb9dcaeb95d6f88501c31b0ebf572ec317bcdcb76b9902fdc35b9345e818

AsyncRAT

e6a9c46eb4b7c44c0123df256b7d23463fa11c4834cf175eee2f3d87402c1317

AsyncRAT

ea455824ada64047aba9990bfa8825e807ebbd40bf21617faf0b3460af2a8ffe

AsyncRAT

error

AsyncRAT

f14f79992777e93deb7c49c9f70a59783d51f68a53cb6399c8393998efb85198

AsyncRAT

f545d644196419b41eadae3f0846888c396284cc148c780916c0d96a07f71b40

AsyncRAT

+ 749 additional samples on MalwareBazaar

Hatching Triage Suspicious

Result

Malware family:

n/a

Score:

  7/10

Tags:

defense_evasion

Link:

https://tria.ge/reports/260331-wg3fasfw7z/

Behaviour

Delays execution with timeout.exe

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Checks computer location settings

Drops startup file

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Legit

Threat name:

Legit

Score:

0.23

Link:

https://yomi.yoroi.company/submissions/e06dd348a334de7e2e43ef7a3739d4b4cf792b615595262aa212eec4e3005564

File information

---

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/59942/