MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fc0aafee4fcb757e3db153155727f625b89a803b217e346e24db4a7714c50390. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AsyncRAT


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fc0aafee4fcb757e3db153155727f625b89a803b217e346e24db4a7714c50390
SHA3-384 hash: e62bf9a55fde922eeb8fa317ed4bd5211ef004578429b15cce3bcdd894c1c0daf06d196c2b12d10691823cfd8a46a15f
SHA1 hash: 5b7090e77946b1323d2b03a50cfd22d616d506aa
MD5 hash: afb82141c7278b4de58916131f8a33f4
humanhash: east-jersey-nineteen-magnesium
File name:afb82141c7278b4de58916131f8a33f4.exe
Download: download sample
Signature AsyncRAT
Create hunting rule
File size:10'240 bytes
First seen:2022-09-21 06:15:07 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 192:u+PV7d8j+TgJ+H9jIcgh8T2PnHXHgvBc:uCV7dXTgJ+HRI5ST2vH3s
Threatray 2'159 similar samples on MalwareBazaar
TLSH T17C226165B386E5A9C8A90F75CD93D7E00E38BD119E158B9B36E0AB4F2D31390BD30761
TrID 63.5% (.EXE) Win64 Executable (generic) (10523/12/4)
12.2% (.EXE) OS/2 Executable (generic) (2029/13)
12.0% (.EXE) Generic Win/DOS Executable (2002/3)
12.0% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):PE icon
dhash icon d292b0b2da36bcbe (11 x AsyncRAT, 7 x Metasploit, 6 x CoinMiner)
Reporter abuse_ch
Tags:AsyncRAT exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
227
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
afb82141c7278b4de58916131f8a33f4.exe
Verdict:
No threats detected
Analysis date:
2022-09-21 06:26:06 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/89b3d709-44e2-4b33-9e4b-aebb3242f156

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/311961/
Detection(s):
SecuriteInfo.com.Win64.DropperX-gen.13278.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Sending an HTTP GET request
Launching a process
Creating a process with a hidden window
Unauthorized injection to a system process
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
obfuscated
Link:
https://www.filescan.io/uploads/632aac7f12db32f024652b84/reports/f8f7ac98-9fa6-4087-bc14-98507b439fa6/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/af6f90c2-c258-4dea-bf1d-818b9143e86a
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/1074333
Signature
.NET source code contains potential unpacker
Antivirus detection for URL or domain
Encrypted powershell cmdline option found
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fc0aafee4fcb757e3db153155727f625b89a803b217e346e24db4a7714c50390/
Threat name:
ByteCode-MSIL.Trojan.Cerbu
Create hunting rule
Status:
Malicious
First seen:
2022-09-20 19:08:45 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
13
AV detection:
16 of 40 (40.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7qfk73spzn2x4pnrkmkvoj7wew4jvab3ef7di3re3nfhofgfaoia._file
Verdict:
malicious
Label(s):
asyncrat
Create hunting rule
Similar samples:
11e4843a483f2a083b7daf71446ff19442ea1a924f4550dab5f059ee5893357f
AsyncRAT
15e2f966937440c34a383f8a2df6fa8b380fbc858b7560e3129f563296e17fbb
AsyncRAT
378e955a6f493ef2b46ed3532845e352a51109867b12db4b561b64c301fb3166
AsyncRAT
3d538725fd27edb771e7e5c07a11508d7363dc6f0bdb438240bd34eae746aeed
AsyncRAT
3fba4c2bac1363433553b57b389916f759be99e350e8003bf3d2a5584ebe5f46
AsyncRAT
953eea5757d78536aa654da079a8f04e87874043d848b938cce9fc9aa85ee83d
AsyncRAT
ba7eb469fe9c39c9ed627452aa90a74532d8246e493e1b55b3f3ebc079d4583f
AsyncRAT
c6dd3230844ddd812a8db028769fcaa7b87cd08535acb9c7c843455335a81c86
AsyncRAT
ce64e9ecb6eafed95cc5fbe2b1f7eb84046a6f9cf93c344724fe7052b97a67eb
AsyncRAT
+ 2'149 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/220921-g1gwdabacr/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Checks computer location settings
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/b8d1240f-6707-4fbb-8923-7a68092941f6
Unpacked files
SH256 hash:
fc0aafee4fcb757e3db153155727f625b89a803b217e346e24db4a7714c50390
MD5 hash:
afb82141c7278b4de58916131f8a33f4
SHA1 hash:
5b7090e77946b1323d2b03a50cfd22d616d506aa
Link:
https://www.unpac.me/results/e5416a25-e8b4-4d70-ae53-25bf7d752368/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/fc0aafee4fcb/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.44
Link:
https://yomi.yoroi.company/submissions/fc0aafee4fcb757e3db153155727f625b89a803b217e346e24db4a7714c50390

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

AsyncRAT

Executable exe fc0aafee4fcb757e3db153155727f625b89a803b217e346e24db4a7714c50390

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2306837/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2307201/
Cape
Cape
https://www.capesandbox.com/analysis/311961/

Comments