Summary | ZeroBOX

swag.exe

AsyncRAT
Category FILE
Machine s1_win7_x6401
Started April 19, 2021, 8:46 a.m.
Completed April 19, 2021, 8:51 a.m.
Size 45.0KB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 e708a1326e771df1d327cf23fce3e5ec
SHA256 b5674319bcebd9014b56b75c0a0f425ba8163c7798dfa0d27950313e2e5c3ba1
CRC32 1453CE55
ssdeep 768:RuwCfTg46YbWUn9jjmo2qr30ewtDcy0oiZPIHzjbGgX3iZfh2DW/B8BDZjf+:RuwCfTgpM28wRPiWH3bZXS3AWpadjf+
Yara
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • PE_Header_Zero - PE File Signature Zero
  • OS_Processor_Check_Zero - OS Processor Check Signature Zero
  • Win32_Trojan_PWS_Azorult_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • win_mutex - Create or check mutex
  • IsPE32 - (no description)
  • IsNET_EXE - (no description)
  • IsWindowsGUI - (no description)

Name            Response    Post-Analysis Lookup
No hosts contacted.

IP Address      Status      Action
144.202.124.67  Active      Moloch
164.124.101.2   Active      Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

host 144.202.124.67
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Razy.679304
FireEye Generic.mg.e708a1326e771df1
McAfee Fareit-FZT!E708A1326E77
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 005678321 )
K7GW Trojan ( 005678321 )
Cybereason malicious.26e771
Arcabit Trojan.Razy.DA5D88
Cyren W32/MSIL_Troj.UP.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/Agent.CFQ
APEX Malicious
Avast Win32:DropperX-gen [Drp]
ClamAV Win.Packed.Samas-7998113-0
Kaspersky HEUR:Backdoor.MSIL.Crysan.gen
BitDefender Gen:Variant.Razy.679304
Paloalto generic.ml
AegisLab Trojan.MSIL.Crysan.m!c
Tencent Msil.Backdoor.Crysan.Ahxw
Ad-Aware Gen:Variant.Razy.679304
Emsisoft Gen:Variant.Razy.679304 (B)
DrWeb Trojan.Siggen9.56514
Zillya Trojan.Agent.Win32.1337942
McAfee-GW-Edition Fareit-FZT!E708A1326E77
Sophos Mal/Generic-R + Mal/Agent-AVM
SentinelOne Static AI - Malicious PE
Avira TR/Dropper.Gen
Microsoft Backdoor:MSIL/AsyncRat.AD!MTB
GData MSIL.Trojan.PSE.1P6RO87
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win32.RL_Generic.C3558490
BitDefenderTheta Gen:NN.ZemsilF.34678.cm0@amF!2t
ALYac Gen:Variant.Razy.679304
MAX malware (ai score=89)
Malwarebytes Generic.Trojan.Malicious.DDS
Rising Trojan.AntiVM!1.CF63 (CLOUD)
Ikarus Trojan.MSIL.Agent
eGambit Unsafe.AI_Score_99%
Fortinet MSIL/CoinMiner.CFQ!tr
AVG Win32:DropperX-gen [Drp]
CrowdStrike win/malicious_confidence_100% (W)
Qihoo-360 HEUR/QVM03.0.9E77.Malware.Gen