Summary | ZeroBOX

Asyn_gracet.exe

Tags AsyncRAT, Malicious Library, PWS, PE File, OS Processor Check, PE32, .NET EXE

Category FILE
Machine s1_win7_x6401
Started May 13, 2021, 8:20 a.m.
Completed May 13, 2021, 8:23 a.m.
Size 45.0KB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 a111a4a9058473075bea557a2ff2dfd6
SHA256 7e2c927caec040c6a134fbcd520023dd48379be367b6af0a353dfc1e4d0bcc3d
CRC32 1208A8FD
ssdeep 768:vuYK9T3kH1jWUvmqRmo2qbimOCK66PIXzjb8gX3OpFRTCXMBDZXx:vuYK9T34l2Tm9DX3bTXepbCadXx
Yara
  • Malicious_Library_Zero - Malicious_Library
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • Is_DotNET_EXE - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name | Response | Post-Analysis Lookup
sipex2021.ddns.net | 79.134.225.7 |

IP Address | Status | Action
164.124.101.2 | Active | Moloch
79.134.225.7 | Active | Moloch

Suricata Alerts

Flow | SID | Signature | Category
TCP 192.168.56.101:49202 -> 79.134.225.7:9476 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 79.134.225.7:9476 -> 192.168.56.101:49202 | 2030673 | ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server) | Domain Observed Used for C2 Detected
UDP 192.168.56.101:61479 -> 164.124.101.2:53 | 2028675 | ET POLICY DNS Query to DynDNS Domain *.ddns .net | Potentially Bad Traffic

Suricata TLS

Flow | Issuer | Subject | Fingerprint
TLSv1 192.168.56.101:49202 -> 79.134.225.7:9476 | CN=AsyncRAT Server | CN=AsyncRAT Server | 38:93:43:3b:e0:2c:7f:8a:16:65:19:d2:e1:bd:17:f8:35:e9:cf:da

domain sipex2021.ddns.net

Vendor Detection
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Semper.DotNet.3
CAT-QuickHeal Trojan.IgenericFC.S14890850
ALYac Gen:Variant.Semper.DotNet.3
Cylance Unsafe
Zillya Backdoor.Crysan.Win32.459
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_80% (D)
K7GW Trojan ( 005678321 )
K7AntiVirus Trojan ( 005678321 )
Arcabit Trojan.Semper.DotNet.3
Cyren W32/MSIL_Troj.UP.gen!Eldorado
ESET-NOD32 a variant of MSIL/Agent.CFQ
APEX Malicious
ClamAV Win.Packed.Samas-7998113-0
Kaspersky HEUR:Backdoor.MSIL.Crysan.gen
BitDefender Gen:Variant.Semper.DotNet.3
Avast Win32:DropperX-gen [Drp]
Ad-Aware Gen:Variant.Semper.DotNet.3
Sophos ML/PE-A + Mal/Agent-AVM
F-Secure Trojan.TR/Dropper.Gen
DrWeb Trojan.Siggen9.56514
McAfee-GW-Edition BehavesLike.Win32.Fareit.pm
MaxSecure Trojan.Malware.74418669.susgen
FireEye Generic.mg.a111a4a905847307
Emsisoft Trojan.Agent (A)
Ikarus Trojan.MSIL.Agent
Jiangmin Backdoor.MSIL.cxnh
Avira TR/Dropper.Gen
Antiy-AVL Trojan/Generic.ASMalwS.306CD8C
Microsoft Backdoor:MSIL/AsyncRat.AD!MTB
GData MSIL.Trojan.PSE.167JTU8
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win32.RL_Generic.C3558490
McAfee Fareit-FZT!A111A4A90584
MAX malware (ai score=85)
VBA32 TScope.Trojan.MSIL
Malwarebytes Generic.Trojan.Malicious.DDS
Rising Backdoor.AsyncRAT!1.C3F4 (C64:YzY0OgM+IAgfVJEJ)
Yandex Trojan.Agent!aUg2o1C3Uuw
SentinelOne Static AI - Malicious PE
eGambit Unsafe.AI_Score_99%
Fortinet MSIL/CoinMiner.CFQ!tr
BitDefenderTheta Gen:NN.ZemsilF.34688.cm0@a8RlA2
AVG Win32:DropperX-gen [Drp]
Cybereason malicious.905847