Summary | ZeroBOX

AsyncClient7842.exe

Generic Malware, UPX, Malicious Library, Malicious Packer, PWS, .NET EXE, PE File, OS Processor Check, PE32
Category FILE
Machine s1_win7_x6403_us
Started Nov. 1, 2021, 10:26 a.m.
Completed Nov. 1, 2021, 10:53 a.m.
Size 45.0KB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 56d21a87c6fa6866a2eea06b1de91add
SHA256 c8dec500839b3698755d9304442aa9f3516218b7c6340e2b1202dbe83089ab1d
CRC32 38DED9A3
ssdeep 768:zuScq5TAYGTqWU8j+zmo2qLX4355tByx1PIUzjbOgX3iiGxyqC5d3KymKczom+Bn:zuScq5TA5c2g4p5VU3bxXSiuxCuL0Hdt
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE32 - (no description)
  • Is_DotNET_EXE - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult

Name Response Post-Analysis Lookup
asyncmoney.duckdns.org 103.151.123.194

IP Address Status Action
103.151.123.194 Active Moloch
164.124.101.2 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.103:49168 -> 103.151.123.194:7841 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 103.151.123.194:7841 -> 192.168.56.103:49168 2030673 ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server) Domain Observed Used for C2 Detected
UDP 192.168.56.103:53893 -> 164.124.101.2:53 2022918 ET INFO DYNAMIC_DNS Query to *.duckdns. Domain Misc activity

Suricata TLS

Flow Issuer Subject Fingerprint
TLSv1 192.168.56.103:49168 -> 103.151.123.194:7841 CN=AsyncRAT Server CN=AsyncRAT Server 92:6c:c8:c2:f4:ea:22:63:7c:2c:a1:24:62:ec:7d:a8:50:70:64:39

domain asyncmoney.duckdns.org

Engine Result
Elastic malicious (high confidence)
DrWeb Trojan.Siggen9.56514
MicroWorld-eScan IL:Trojan.MSILZilla.1627
FireEye Generic.mg.56d21a87c6fa6866
CAT-QuickHeal Trojan.IgenericFC.S14890850
ALYac IL:Trojan.MSILZilla.1627
Cylance Unsafe
Sangfor Suspicious.Win32.Save.a
CrowdStrike win/malicious_confidence_70% (D)
K7GW Trojan ( 005678321 )
K7AntiVirus Trojan ( 005678321 )
BitDefenderTheta Gen:NN.ZemsilF.34218.cm0@airYa4b
Cyren W32/MSIL_Troj.UP.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/Agent.CFQ
APEX Malicious
Paloalto generic.ml
ClamAV Win.Packed.Samas-7998113-0
Kaspersky HEUR:Backdoor.MSIL.Crysan.gen
BitDefender IL:Trojan.MSILZilla.1627
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik
Avast Win32:DropperX-gen [Drp]
Rising Trojan.AntiVM!1.CF63 (CLASSIC)
Ad-Aware IL:Trojan.MSILZilla.1627
Emsisoft IL:Trojan.MSILZilla.1627 (B)
Zillya Trojan.Agent.Win32.1334999
McAfee-GW-Edition BehavesLike.Win32.Fareit.pm
Sophos ML/PE-A + Mal/Agent-AVM
Ikarus Trojan.MSIL.Agent
Jiangmin Backdoor.MSIL.cxnh
Webroot W32.Trojan.Dropper
Avira TR/Dropper.Gen
Antiy-AVL Trojan/Generic.ASMalwS.30D4D20
Microsoft Backdoor:MSIL/AsyncRat.AD!MTB
ZoneAlarm HEUR:Backdoor.MSIL.Crysan.gen
GData MSIL.Backdoor.DCRat.D
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.RL_Generic.R358277
McAfee Fareit-FZT!56D21A87C6FA
MAX malware (ai score=89)
VBA32 TScope.Trojan.MSIL
Malwarebytes Generic.Trojan.Malicious.DDS
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.74418669.susgen
Fortinet MSIL/CoinMiner.CFQ!tr
AVG Win32:DropperX-gen [Drp]