MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e82b8b4fda78cdd1b1a4455103362ef508b1d903a3de7bb0ff11c07e8543123f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AsyncRAT


Vendor detections: 17


Intelligence 17 IOCs YARA 5 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e82b8b4fda78cdd1b1a4455103362ef508b1d903a3de7bb0ff11c07e8543123f
SHA3-384 hash: 9be33412e4bf82d87a6186e83a00edca43d1c11d61de3fc2962c117f5cad506b56f029363634f11b648a17fa69f68aa9
SHA1 hash: 6777d20bb645a5689d459469f434ae66787464b1
MD5 hash: aa6520925656316533f71e84b30d5cc8
humanhash: river-violet-stream-robin
File name:T26021001 PL - 1 x 40'HQ(代用櫃) ( CFS-CY ) ex Taipei to Long Beach , CA (EMC), ETC 0320 SO#0288.scr
Download: download sample
Signature AsyncRAT
Create hunting rule
File size:843'264 bytes
First seen:2026-03-18 07:23:20 UTC
Last seen:2026-03-18 08:28:51 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'843 x AgentTesla, 19'775 x Formbook, 12'297 x SnakeKeylogger)
ssdeep 12288:FnDYvdFpdcvkI+BciNB6RMZHYivLxPb13hO9uhuwU8daJqPdlTncJ+wbM1gnD2H:F8vdFpdcvkIMciaCZfPLNPLnMh5D2H
Threatray 1'248 similar samples on MalwareBazaar
TLSH T1B405E0056A58E802C5A19BF81870E37442B97D68BA01C753DEEEFDEB75396C634043AF
TrID 73.9% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
6.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
6.6% (.EXE) Win64 Executable (generic) (6522/11/2)
4.5% (.EXE) Win32 Executable (generic) (4504/4/1)
2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Magika pebin
Reporter threatcat_ch
Tags:AsyncRAT exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
151
Origin country :
CH CH
Vendor Threat Intelligence
Malware configuration found for:
RoboSki
Details
Link:
https://research.acce.ciphertechsolutions.com/results/47facddd-c3a2-4d10-b23b-b4a881f7cd9b/
Malware family:
n/a
ID:
1
File name:
T26021001 PL - 1 x 40'HQ(代用櫃) ( CFS-CY ) ex Taipei to Long Beach , CA (EMC), ETC 0320 SO#0288.scr
Verdict:
No threats detected
Analysis date:
2026-03-18 07:26:04 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/10694415-4d5e-4028-b170-685ce1b8fde9

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
XWorm
Create hunting rule
Link:
https://www.capesandbox.com/analysis/57880/
Detection(s):
SecuriteInfo.com.Win32.MalwareX-gen.25439449.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
92.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69ba532193b644ca466b355e
Tags:
autorun micro virus
Result
Verdict:
Clean
Maliciousness:
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
krypt masquerade packed
Link:
https://www.filescan.io/uploads/69ba531f4678eefbc7adf43b/reports/24f11753-5a54-4ceb-9d83-5117db0bf913/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/e82b8b4fda78cdd1b1a4455103362ef508b1d903a3de7bb0ff11c07e8543123f
Verdict:
Malicious
File Type:
exe x32
Detections:
Backdoor.Agent.TCP.C&C Trojan.MSIL.Inject.sb Trojan.MSIL.Crypt.sb Trojan.MSIL.Agent.sb Backdoor.MSIL.XWorm.c Backdoor.MSIL.XWorm.b Backdoor.MSIL.XWorm.a PDM:Trojan.Win32.Generic HEUR:Trojan-PSW.MSIL.Stealer.gen
Link:
https://opentip.kaspersky.com/e82b8b4fda78cdd1b1a4455103362ef508b1d903a3de7bb0ff11c07e8543123f/results?tab=lookup
Malware family:
XWorm
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/419d3238-799f-47a3-9830-a98935194ede
Result
Threat name:
XWorm
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1885370
Signature
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
C2 URLs / IPs found in malware configuration
Found malware configuration
Injects a PE file into a foreign processes
Joe Sandbox ML detected suspicious sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected XWorm
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/e82b8b4fda78cdd1b1a4455103362ef508b1d903a3de7bb0ff11c07e8543123f
Verdict:
inconclusive
YARA:
10 match(es)
Tags:
.Net Executable Managed .NET PDB Path PE (Portable Executable) PE File Layout SOS: 0.19 Win 32 Exe x86
Link:
https://app.malva.re/file/aa6520925656316533f71e84b30d5cc8
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e82b8b4fda78cdd1b1a4455103362ef508b1d903a3de7bb0ff11c07e8543123f/
Verdict:
Malicious
Threat:
Family.XWORM
Link:
https://tip.neiki.dev/file/e82b8b4fda78cdd1b1a4455103362ef508b1d903a3de7bb0ff11c07e8543123f
Threat name:
ByteCode-MSIL.Backdoor.Quasar
Create hunting rule
Status:
Malicious
First seen:
2026-03-18 07:24:20 UTC
File Type:
PE (.Net Exe)
Extracted files:
9
AV detection:
10 of 36 (27.78%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5avywt62pdg5dmneiviqgnro6ueldwidupphxmh7chah5bkdci7q._file
Verdict:
malicious
Label(s):
xworm
Create hunting rule
Similar samples:
7a4e6cb96cfa53aa0638b29d38ddc1a31cc53b807e6cc3299f891272a8d00d03
AsyncRAT
87ffe7535f7e221d713ce338cb8f1ad3481c6a1a48932203f1658d6a1cd1c201
AsyncRAT
9b8d72d1a03fbc62aceda0d7e071474fa88f81624ce6aed1fd77f4197cd96305
AsyncRAT
9fe7289e6e6eff48961ebe44aed0440e21d35702da284c34f4ef8c37b6ad7419
AsyncRAT
error
AsyncRAT
+ 1'238 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
discovery
Link:
https://tria.ge/reports/260318-h8g2saaz6p/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
System Location Discovery: System Language Discovery
Unpacked files
SH256 hash:
e82b8b4fda78cdd1b1a4455103362ef508b1d903a3de7bb0ff11c07e8543123f
MD5 hash:
aa6520925656316533f71e84b30d5cc8
SHA1 hash:
6777d20bb645a5689d459469f434ae66787464b1
Link:
https://www.unpac.me/results/7c05c8e0-2a84-4eda-82cd-bbab5b18b900/
SH256 hash:
da67bbbeffdfdf50a302b09f297a3e2f07298bb97e3dc231d45124633f11870e
MD5 hash:
bf2dd665dcd29e40779a74d9f67dbaa3
SHA1 hash:
3025b4c1747b176092533273850e8c7e5f87bf32
Detections:
SUSP_OBF_NET_ConfuserEx_Name_Pattern_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/7c05c8e0-2a84-4eda-82cd-bbab5b18b900/
SH256 hash:
83c6ff82a5132602267983ae73fbe462ca3adbe844b7942fae87f693930a2dfd
MD5 hash:
9cc3e3a87bedcee57a52b4fc8930c3f8
SHA1 hash:
3710abb3f390d54b3d959b7b45486d7af84b5f5f
Link:
https://www.unpac.me/results/7c05c8e0-2a84-4eda-82cd-bbab5b18b900/
SH256 hash:
28e998e6cde9ecbf24967433ea1afa2e95f26233f1199460ca0a7f2b34b690b1
MD5 hash:
6815abd4138624b9d6975b742a1e3781
SHA1 hash:
42fdc8ae68242f723ffaa61fb507244b63502c6c
Detections:
win_mal_XWorm
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_NoneWindowsUA
Create hunting rule
MALWARE_Win_AsyncRAT
Create hunting rule
MALWARE_Win_XWorm
Create hunting rule
Link:
https://www.unpac.me/results/7c05c8e0-2a84-4eda-82cd-bbab5b18b900/
Parent samples :
cc07b7fc44aba3906470be4b5a285b6e17b4c67f706e4afa6fc694392481c9ae
9b8d72d1a03fbc62aceda0d7e071474fa88f81624ce6aed1fd77f4197cd96305
055e35129e5bc0e4417ee8aeb8a4020825489da13a5e01962f0e69391e51b5f7
b07b9082bfe11919da0905e9b95611817efbc293618ec42cefb82e2ad0d7450d
e82b8b4fda78cdd1b1a4455103362ef508b1d903a3de7bb0ff11c07e8543123f
Malware family:
XWorm
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/e82b8b4fda78/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e82b8b4fda78cdd1b1a4455103362ef508b1d903a3de7bb0ff11c07e8543123f

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:AgentTesla_DIFF_Common_Strings_01
Create hunting rule
Author:schmidtsz
Description:Identify partial Agent Tesla strings
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:NETexecutableMicrosoft
Create hunting rule
Author:malware-lu
Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AsyncRAT

Executable exe e82b8b4fda78cdd1b1a4455103362ef508b1d903a3de7bb0ff11c07e8543123f

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/57880/

Comments