MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fbd01daf6f9541d648c04572779da9203855c18fe20fb333f7b5ed18206abc22. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Intelligence 1 File information 3 Yara 1 Comments

SHA256 hash: fbd01daf6f9541d648c04572779da9203855c18fe20fb333f7b5ed18206abc22
SHA3-384 hash: f1d1bba817f5adeefd0a46e5f4649397d91772d025c1ccb69f2234615900f375533d87404648b8c3533c914ab76910f9
SHA1 hash: e4c75367993918616d558dcf5ddab4f544dd49c9
MD5 hash: ca9b1397310d3cbe5af8773585cbfd29
humanhash: white-tennis-foxtrot-india
File name:ca9b1397310d3cbe5af8773585cbfd29.exe
Download: download sample
Signature AsyncRAT
File size:220'160 bytes
First seen:2020-06-30 19:25:08 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep 6144:s1j9lFdKFY6Qfk84O1FSENamKKxxGcR/kY7:s17XKF/Q54yEmdrR/R7
TLSH C524AD4B335D2AEBC16E98B91B6800834FF05207F493E69A5DE938F3D1ABB9345019D7
Reporter @abuse_ch
Tags:AsyncRAT exe RAT

AsyncRAT C2: (


Mail intelligence No data
# of uploads 1
# of downloads 40
Origin country FR FR
CAPE Sandbox Gathering data
CERT.PL MWDB Detection:n/a
ReversingLabs :Status:Malicious
Threat name:ByteCode-MSIL.Trojan.Kryptik
First seen:2020-06-30 19:27:04 UTC
AV detection:24 of 31 (77.42%)
Threat level:   2/5
Spamhaus Hash Blocklist :Malicious file
Hatching Triage Score:   8/10
Malware Family:n/a
VirusTotal:Virustotal results 19.18%

Yara Signatures

Rule name:win_asyncrat_j1
Author:Johannes Bader @viql
Description:detects AsyncRAT

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download


Executable exe fbd01daf6f9541d648c04572779da9203855c18fe20fb333f7b5ed18206abc22

(this sample)

Delivery method
Distributed via web download