Summary | ZeroBOX

Async7842.exe

Generic Malware UPX Malicious Library Malicious Packer PWS .NET EXE PE File OS Processor Check PE32
Category FILE
Machine s1_win7_x6403_us
Started Nov. 1, 2021, 10:27 a.m.
Completed Nov. 1, 2021, 10:31 a.m.
Size 45.0KB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 a1fc890ea630be2c1efd80062ce12b18
SHA256 1dd6d37553168fa3929f5eaa5b2b0505aae5897809b532dd0b12eae8ffd8957f
CRC32 99BAE3B9
ssdeep 768:/uScq5TAYGTqWU8j+zmo2qL55/0tqjEPIazjb7gX3iRGlE33uOOQzxBDZnx:/uScq5TA5c2ONta3bEXS3uezPdnx
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE32 - (no description)
  • Is_DotNET_EXE - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult

DNS

Name                    Response         Post-Analysis Lookup
asyncmoney.duckdns.org  103.151.123.194

IP Addresses

IP Address       Status  Action
103.151.123.194  Active  Moloch
164.124.101.2    Active  Moloch

Suricata Alerts

Flow                                              SID      Signature                                                        Category
UDP 192.168.56.103:53893 -> 164.124.101.2:53      2022918  ET INFO DYNAMIC_DNS Query to *.duckdns. Domain                   Misc activity
TCP 192.168.56.103:49167 -> 103.151.123.194:7829  2028401  ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex  Unknown Traffic
TCP 103.151.123.194:7829 -> 192.168.56.103:49167  2030673  ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)         Domain Observed Used for C2 Detected

Suricata TLS

Flow                                          Version  Issuer              Subject             Fingerprint
192.168.56.103:49167 -> 103.151.123.194:7829  TLSv1    CN=AsyncRAT Server  CN=AsyncRAT Server  92:6c:c8:c2:f4:ea:22:63:7c:2c:a1:24:62:ec:7d:a8:50:70:64:39
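The Suricata rows above are the sandbox's own detections. To reuse the report's network IOCs (the duckdns domain, the C2 IP and port 7829, the self-signed "CN=AsyncRAT Server" certificate and its SHA1 fingerprint) against your own sensor output, the following added example, which is not part of the ZeroBOX report or of any AsyncRAT analysis tooling, matches them over Suricata EVE JSON lines. It assumes Suricata's dns/tls field names (`dns.rrname`, `tls.subject`, `tls.issuerdn`, `tls.fingerprint`); the sample eve.json lines are constructed here to mirror the DNS query and TLS session shown above plus benign and malformed lines. Note that 164.124.101.2 appears only as the sandbox's DNS resolver (the UDP/53 flow above), so it is deliberately not treated as an IOC.

```python
import json

# Network IOCs taken from the sandbox report above.
IOC_DOMAINS = {"asyncmoney.duckdns.org"}
IOC_IPS = {"103.151.123.194"}  # 164.124.101.2 is only the sandbox's DNS resolver, not an IOC
IOC_TLS_SUBJECTS = {"CN=AsyncRAT Server"}
IOC_TLS_FINGERPRINTS = {"92:6c:c8:c2:f4:ea:22:63:7c:2c:a1:24:62:ec:7d:a8:50:70:64:39"}
# Dynamic-DNS suffix behind ET INFO 2022918; weak on its own, so it is reported as its own hit type.
DYNDNS_SUFFIXES = (".duckdns.org",)


def match_event(event):
    """Return the IOC hits (possibly empty) for one Suricata EVE JSON event, strongest first."""
    hits = []
    if event.get("dest_ip") in IOC_IPS:
        hits.append("c2_ip:" + event["dest_ip"])
    etype = event.get("event_type")
    if etype == "dns":
        name = event.get("dns", {}).get("rrname", "").rstrip(".").lower()
        if name in IOC_DOMAINS:
            hits.append("c2_domain:" + name)
        elif name.endswith(DYNDNS_SUFFIXES):
            hits.append("dyndns_query:" + name)
    elif etype == "tls":
        tls = event.get("tls", {})
        subject = tls.get("subject", "")
        fingerprint = tls.get("fingerprint", "").lower()
        if fingerprint in IOC_TLS_FINGERPRINTS:
            hits.append("tls_fingerprint:" + fingerprint)
        if subject in IOC_TLS_SUBJECTS:
            hits.append("tls_subject:" + subject)
        # The session above used a self-signed cert (issuer == subject) on a non-standard port;
        # flag that shape too, so a renamed CN or re-generated cert still stands out.
        if subject and subject == tls.get("issuerdn") and event.get("dest_port") != 443:
            hits.append("self_signed_cert_nonstandard_port")
    return hits


def scan(lines):
    """Parse EVE JSON lines, skipping malformed ones; return [(line_no, hits)] for events with hits."""
    results = []
    for line_no, line in enumerate(lines):
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or non-JSON line: skip it rather than abort the whole scan
        hits = match_event(event)
        if hits:
            results.append((line_no, hits))
    return results


# Constructed sample eve.json lines (not from the report), shaped after Suricata dns/tls records.
# Lines 0 and 1 mirror the report's DNS query and TLS session; the rest are benign or malformed.
SAMPLE_EVE_LINES = [
    json.dumps({"event_type": "dns", "src_ip": "192.168.56.103", "dest_ip": "164.124.101.2",
                "dest_port": 53, "dns": {"type": "query", "rrname": "asyncmoney.duckdns.org", "rrtype": "A"}}),
    json.dumps({"event_type": "tls", "src_ip": "192.168.56.103", "src_port": 49167,
                "dest_ip": "103.151.123.194", "dest_port": 7829,
                "tls": {"subject": "CN=AsyncRAT Server", "issuerdn": "CN=AsyncRAT Server", "version": "TLSv1",
                        "fingerprint": "92:6c:c8:c2:f4:ea:22:63:7c:2c:a1:24:62:ec:7d:a8:50:70:64:39"}}),
    json.dumps({"event_type": "tls", "src_ip": "192.168.56.103", "dest_ip": "192.0.2.10", "dest_port": 443,
                "tls": {"subject": "CN=www.example.com", "issuerdn": "CN=Example Issuing CA", "version": "TLS 1.2",
                        "fingerprint": "00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33"}}),
    json.dumps({"event_type": "dns", "src_ip": "192.168.56.103", "dest_ip": "164.124.101.2",
                "dest_port": 53, "dns": {"type": "query", "rrname": "other-host.duckdns.org", "rrtype": "A"}}),
    "{not valid json",
    json.dumps({"event_type": "dns", "src_ip": "192.168.56.103", "dest_ip": "164.124.101.2",
                "dest_port": 53, "dns": {"type": "query", "rrname": "www.example.com", "rrtype": "A"}}),
]


if __name__ == "__main__":
    for line_no, hits in scan(SAMPLE_EVE_LINES):
        print(f"line {line_no}: {', '.join(hits)}")
```

Run against a real eve.json with `scan(open("eve.json"))`. The certificate fingerprint and the C2 IP are the high-confidence matches; the "dyndns_query" and "self_signed_cert_nonstandard_port" hits are shape-based and will also fire on legitimate traffic, so treat them as triage leads rather than verdicts, just as Suricata files SID 2022918 under "Misc activity".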

domain asyncmoney.duckdns.org

Antivirus Detections

Elastic malicious (high confidence)
Cynet Malicious (score: 100)
CAT-QuickHeal Trojan.IgenericFC.S14890850
McAfee Fareit-FZT!A1FC890EA630
Cylance Unsafe
Zillya Trojan.Agent.Win32.1338469
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 005678321 )
K7GW Trojan ( 005678321 )
CrowdStrike win/malicious_confidence_70% (D)
Cyren W32/MSIL_Troj.UP.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/Agent.CFQ
APEX Malicious
ClamAV Win.Packed.Samas-7998113-0
Kaspersky HEUR:Backdoor.MSIL.Crysan.gen
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik
Avast Win32:DropperX-gen [Drp]
Rising Trojan.AntiVM!1.CF63 (CLASSIC)
Emsisoft IL:Trojan.MSILZilla.1627 (B)
DrWeb Trojan.Siggen9.56514
McAfee-GW-Edition BehavesLike.Win32.Fareit.pm
Sophos ML/PE-A + Mal/Agent-AVM
SentinelOne Static AI - Malicious PE
Jiangmin Backdoor.MSIL.cxnh
eGambit Unsafe.AI_Score_99%
Avira TR/Dropper.Gen
Antiy-AVL Trojan/Generic.ASMalwS.30A2162
Microsoft Backdoor:MSIL/AsyncRat.AD!MTB
AhnLab-V3 Trojan/Win32.RL_Generic.R358277
VBA32 TScope.Trojan.MSIL
MAX malware (ai score=88)
Malwarebytes Backdoor.AsyncRAT.MSIL.Generic
Yandex Trojan.Agent!JG/yJ4ZE8CU
Ikarus Trojan.MSIL.Agent
MaxSecure Trojan.Malware.74418669.susgen
Fortinet MSIL/CoinMiner.CFQ!tr
Webroot W32.Trojan.Dropper
AVG Win32:DropperX-gen [Drp]
Cybereason malicious.ea630b