Summary | ZeroBOX

asyns.exe

AsyncRAT .NET framework(MSIL) UPX Malicious Library Malicious Packer .NET EXE PE File OS Processor Check PE32
Category FILE
Machine s1_win7_x6401
Started March 20, 2024, 7:56 a.m.
Completed March 20, 2024, 8:02 a.m.
Size 45.5KB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 310b982faa6a9c8473c6a6097a64317f
SHA256 c21d1dd6391ae93398507c94f9b075dbe8baceed4903a78b3f6bebfa85cd155e
CRC32 072E00D2
ssdeep 768:huyRNTAoZjRWUJs9bmo2qLxAuXuPeD58vnPIM9zjbggX36PV/n8vvmv4Rk4oTeBf:huyRNTAGo2Ju7D5iAM93bHXK9/n8mQRL
Yara
  • AsyncRat - AsyncRat Payload
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Malicious_Packer_Zero - Malicious Packer
  • Is_DotNET_EXE - (no description)
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
77.232.132.25 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 77.232.132.25:5001 -> 192.168.56.101:49163 2030673 ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server) Domain Observed Used for C2 Detected
TCP 77.232.132.25:5001 -> 192.168.56.101:49163 2035595 ET MALWARE Generic AsyncRAT Style SSL Cert Domain Observed Used for C2 Detected

Suricata TLS

Flow Issuer Subject Fingerprint
TLSv1 192.168.56.101:49163 -> 77.232.132.25:5001 CN=AsyncRAT Server CN=AsyncRAT Server 95:14:31:e1:8b:12:18:6b:0b:1d:74:3e:bc:8f:d7:78:2f:4e:83:fc

host 77.232.132.25
Bkav W32.AIDetectMalware.CS
Lionic Trojan.Win32.AsyncRAT.m!c
Elastic Windows.Generic.Threat
CAT-QuickHeal Trojan.IgenericFC.S14890850
Skyhigh BehavesLike.Win32.Fareit.pm
ALYac Generic.AsyncRAT.Marte.B.C6809D6C
Cylance unsafe
VIPRE Generic.AsyncRAT.Marte.B.C6809D6C
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 005678321 )
BitDefender Generic.AsyncRAT.Marte.B.C6809D6C
K7GW Trojan ( 005678321 )
Cybereason malicious.faa6a9
Arcabit Generic.AsyncRAT.Marte.B.C6809D6C
VirIT Trojan.Win32.MSIL_Heur.A
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/AsyncRAT.A
APEX Malicious
McAfee Fareit-FZT!310B982FAA6A
Avast Win32:DropperX-gen [Drp]
ClamAV Win.Packed.Razy-9625918-0
Kaspersky HEUR:Backdoor.MSIL.Crysan.gen
Alibaba Backdoor:MSIL/AsyncRat.215d1f8e
MicroWorld-eScan Generic.AsyncRAT.Marte.B.C6809D6C
Rising Trojan.AntiVM!1.CF63 (CLASSIC)
Emsisoft Generic.AsyncRAT.Marte.B.C6809D6C (B)
F-Secure Heuristic.HEUR/AGEN.1305744
DrWeb Trojan.Siggen9.56514
Zillya Trojan.AsyncRAT.Win32.1332
TrendMicro Backdoor.MSIL.ASYNCRAT.SMXSR
FireEye Generic.mg.310b982faa6a9c84
Sophos Troj/AsyncRat-B
Ikarus Backdoor.AsyncRat
Jiangmin Backdoor.MSIL.cxnh
Google Detected
Avira HEUR/AGEN.1305744
MAX malware (ai score=83)
Antiy-AVL Trojan[Backdoor]/MSIL.Crysan
Kingsoft malware.kb.c.998
Gridinsoft Trojan.Win32.Agent.sa
Microsoft Backdoor:MSIL/AsyncRat.AD!MTB
ZoneAlarm HEUR:Backdoor.MSIL.Crysan.gen
GData MSIL.Backdoor.DCRat.D
Varist W32/Samas.B.gen!Eldorado
AhnLab-V3 Malware/Win32.RL_Generic.C3558490
BitDefenderTheta Gen:NN.ZemsilF.36802.cm0@aym5Szg
DeepInstinct MALICIOUS
VBA32 OScope.Backdoor.MSIL.Crysan
Malwarebytes Generic.Malware.AI.DDS
Panda Trj/CI.A