MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 efcdf30c07197ad6dc12efb326db35a5acc90eb47cedba517f97627e48c1d251. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AsyncRAT


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: efcdf30c07197ad6dc12efb326db35a5acc90eb47cedba517f97627e48c1d251
SHA3-384 hash: 065ec4f7aeda3e3b3e7652eb5e92df97fb4e2b601010a0d802e4f9c02fb8fea57929439c7e9a7c79fa2e2b28fb28afe6
SHA1 hash: a9594546d8931c3e8c49ae8ed63cf19d09813626
MD5 hash: cf3d25b6a7ff0c484fc01eece1d119b2
humanhash: kansas-zulu-orange-zebra
File name:cf3d25b6a7ff0c484fc01eece1d119b2.exe
Download: download sample
Signature AsyncRAT
Create hunting rule
File size:154'112 bytes
First seen:2020-12-25 07:56:48 UTC
Last seen:2020-12-25 10:13:52 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'661 x AgentTesla, 19'474 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 3072:W5Yz+GLS6GyNo/tuHf9q/Y7ZUjIleTxd1TgckGTZrwa0qCWss+:H+F6G7/8HfcA7KhTbjkGTZruW
Threatray 33 similar samples on MalwareBazaar
TLSH 91E31361B3E11623C5F74BBE0C6A35A136B5D754AC53FBBF7CC8B6AA5D023102692842
Reporter abuse_ch
Tags:AsyncRAT exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
648
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
cf3d25b6a7ff0c484fc01eece1d119b2.exe
Verdict:
No threats detected
Analysis date:
2020-12-25 07:56:56 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/fbae287b-1323-4398-9bee-364fb1f2354f

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/109423/
Detection(s):
SecuriteInfo.com.Trojan.Packed2.41837.20380.4512.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
DNS request
Connection attempt
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
AsyncRAT
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/570027
Signature
.NET source code contains potential unpacker
Antivirus / Scanner detection for submitted sample
Hides that the sample has been downloaded from the Internet (zone.identifier)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AntiVM_3
Yara detected AsyncRAT
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/efcdf30c07197ad6dc12efb326db35a5acc90eb47cedba517f97627e48c1d251/
Threat name:
ByteCode-MSIL.Trojan.Heracles
Create hunting rule
Status:
Malicious
First seen:
2020-12-22 14:54:12 UTC
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
1e1edb890e24d3cb872cc3732134658213cf42b670fb751c3fb425ea624df58b
AsyncRAT
4994e0b1532ec815a5c842d5bd42454c2bf4e99adc0638924545230dda11bc24
AsyncRAT
574efe8cce09da26ed0ae70376857c12d1282c55e113ad65523307364900de16
AsyncRAT
586db73f0c9c8a852533d500b667211da84f2621c79c2cf19f471655db0cd64f
AsyncRAT
63cdf6732c057eee9626cae35b73e53dbc35b1c7231c573e8c672372074ac926
AsyncRAT
6be2eb67682c01f45fff604dd26b0444506d6a92a9405786ca89d2b82f09f5bc
AsyncRAT
970fe6d1c87273191ee73f2dadea1f9e25d456676ecd6997acd30bbda05de43a
AsyncRAT
b1b3a3b2ff01c33585d2fa3eadd78741af5b421e7463450e348401be175f0a31
AsyncRAT
b2515df7e9eb70d6b570111a20ef302156cba0a672d6a8632a01c67d7fc20b4e
AsyncRAT
cbf86dd376f5333537f8aa84a0942a077b137153595467095c9efefe760455a3
AsyncRAT
+ 23 additional samples on MalwareBazaar
Result
Malware family:
asyncrat
Create hunting rule
Score:
  10/10
Tags:
family:asyncrat rat
Link:
https://tria.ge/reports/201225-5ltkxcy992/
Behaviour
Suspicious use of AdjustPrivilegeToken
Async RAT payload
AsyncRat
Unpacked files
SH256 hash:
2bf87ac1e5fd06826d96b4d078de020b80430ede03dbb32bf1685c59ac05add3
MD5 hash:
c317e386bd249960fe9b408130055824
SHA1 hash:
1efe7de3ee125e9bda9e3382bf14a7212482de80
Link:
https://www.unpac.me/results/ed041935-ad97-414c-90ae-8b2f088b8064/
SH256 hash:
efcdf30c07197ad6dc12efb326db35a5acc90eb47cedba517f97627e48c1d251
MD5 hash:
cf3d25b6a7ff0c484fc01eece1d119b2
SHA1 hash:
a9594546d8931c3e8c49ae8ed63cf19d09813626
Link:
https://www.unpac.me/results/ed041935-ad97-414c-90ae-8b2f088b8064/
SH256 hash:
f5c71db61a6e24a79e55c55384fca0b73b03b857ca9f986cf28e07f2a1140216
MD5 hash:
a7111f022549ba0f4b57a0d98980696a
SHA1 hash:
ebe4c38fe0344b9004215b25e88b595f195abc4d
Detections:
win_asyncrat_w0
Create hunting rule
Link:
https://www.unpac.me/results/ed041935-ad97-414c-90ae-8b2f088b8064/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/efcdf30c07197ad6dc12efb326db35a5acc90eb47cedba517f97627e48c1d251

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/109423/

Comments