Summary | ZeroBOX

25.txt.exe

Tags: AsyncRAT, .NET framework(MSIL), UPX, Malicious Library, Malicious Packer, .NET EXE, PE File, OS Processor Check, PE32

Category  Machine           Started                  Completed
FILE      s1_win7_x6403_us  July 2, 2024, 9:47 a.m.  July 2, 2024, 9:49 a.m.
Size 63.0KB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 b2e56a7b3dd03c8000e78544f540677d
SHA256 b193cf76307f762a9cdf61191cda685377b9a1ce2eba781647a134b5d9add7bd
CRC32 0C0D4C66
ssdeep 1536:PmImx6tX2kNff4sKu+UYFqVrjAbPAPv0FTTtWrPlTGBx:Pm9x6tmkN7Ku+UYFoAbP40Fn4d6x
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • AsyncRat - AsyncRat Payload
  • Is_DotNET_EXE - (no description)
  • IsPE32 - (no description)
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
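The IsPE32, Is_DotNET_EXE and UPX_Zero tags above are all static header checks. The following is an added example, not ZeroBOX's Yara rules (whose bodies are not on this page): it walks the PE headers by hand and derives the same three facts the way a triage script would, with PE32 read from the optional-header magic (0x10B), .NET from a non-empty CLR runtime header data directory (index 14), and UPX from UPX0/UPX1 section names. The sample input is a constructed minimal PE32 header image built in the block itself (not the 25.txt.exe sample, which is not available here); it is not loadable, only parseable. The section-name check is a heuristic: a packer or a rebuild can rename sections, so treat a UPX hit as a hint and absence as proof of nothing.

```python
import struct

# Offsets and constants from the PE/COFF specification, not from the report.
PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B
IMAGE_FILE_MACHINE_I386 = 0x14C
CLR_DIRECTORY_INDEX = 14       # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
OPT_HDR_SIZE_PE32 = 224        # 96 fixed bytes + 16 data directories * 8 bytes


def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _ts, _symptr, _nsyms, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    # NumberOfRvaAndSizes and the data directory array sit at different offsets for PE32 and PE32+
    if magic == PE32_MAGIC:
        count_off, dirs_off = opt + 92, opt + 96
    elif magic == PE32PLUS_MAGIC:
        count_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    ndirs = struct.unpack_from("<I", data, count_off)[0]
    clr_rva, clr_size = 0, 0
    if ndirs > CLR_DIRECTORY_INDEX:
        clr_rva, clr_size = struct.unpack_from("<II", data, dirs_off + CLR_DIRECTORY_INDEX * 8)
    sect_off = opt + opt_size
    names = []
    for i in range(nsections):
        raw = data[sect_off + i * 40: sect_off + i * 40 + 8]   # IMAGE_SECTION_HEADER.Name
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return {"machine": machine, "magic": magic, "clr_rva": clr_rva,
            "clr_size": clr_size, "sections": names}


def triage(data: bytes) -> dict:
    """Return the three header facts the report's tags encode."""
    hdr = parse_pe(data)
    return {
        "is_pe32": hdr["magic"] == PE32_MAGIC,
        "is_i386": hdr["machine"] == IMAGE_FILE_MACHINE_I386,
        # A managed (.NET/MSIL) image always carries a CLR runtime header directory entry.
        "is_dotnet": hdr["clr_rva"] != 0 and hdr["clr_size"] != 0,
        # Default UPX section names; a heuristic, since names can be rewritten.
        "upx_sections": [n for n in hdr["sections"] if n.upper().startswith("UPX")],
    }


def build_sample_pe(section_names, dotnet: bool) -> bytes:
    """Constructed minimal PE32 header image (no code), used only to exercise the parser."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))             # e_lfanew -> PE signature right after DOS header
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, len(section_names),
                       0, 0, 0, OPT_HDR_SIZE_PE32, 0x0102)  # EXECUTABLE_IMAGE | 32BIT_MACHINE
    opt = bytearray(OPT_HDR_SIZE_PE32)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 92, 16)                      # NumberOfRvaAndSizes
    if dotnet:
        struct.pack_into("<II", opt, 96 + CLR_DIRECTORY_INDEX * 8, 0x2008, 0x48)  # arbitrary RVA/size
    sections = b"".join(n.encode("ascii").ljust(8, b"\0") + bytes(32) for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections


if __name__ == "__main__":
    print(triage(build_sample_pe(["UPX0", "UPX1", ".rsrc"], dotnet=True)))
    print(triage(build_sample_pe([".text", ".rsrc"], dotnet=False)))
```

On a real sample, replace the constructed bytes with `open(path, "rb").read()`; the parser deliberately stops at the section table and never maps or executes anything.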

Name                       Response       Post-Analysis Lookup
wins19junspam.duckdns.org  192.169.69.26

IP Address     Status  Action
164.124.101.2  Active  Moloch
192.169.69.26  Active  Moloch

Suricata Alerts

Flow                                          SID      Signature                                              Category
UDP 192.168.56.103:52760 -> 164.124.101.2:53  2042936  ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain   Potentially Bad Traffic
UDP 192.168.56.103:52760 -> 164.124.101.2:53  2022918  ET INFO DYNAMIC_DNS Query to *.duckdns. Domain         Misc activity
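Both alerts are informational DNS-query rules, and the flow peer 164.124.101.2:53 is the resolver the sandbox asked, not the controller; the indicators worth acting on are the name wins19junspam.duckdns.org and the address it resolved to, 192.169.69.26. The block below is an added example (not Suricata, and not the ET rule bodies, which this page does not show): it runs the same two detections, approximated as label checks, over constructed DNS log lines and additionally pivots on the resolved C2 address, since plenty of legitimate hosts live under duckdns.org and a name match alone is weak evidence. The log format, the detection names and every line other than the first are invented for illustration (RFC 5737 addresses).

```python
from dataclasses import dataclass

# Indicators taken from the report above.
REPORT_DOMAIN = "wins19junspam.duckdns.org"
REPORT_C2_IP = "192.169.69.26"      # what the domain resolved to during analysis
SANDBOX_RESOLVER = "164.124.101.2"  # the :53 peer in the Suricata flows, i.e. the DNS server, not C2

# Constructed sample log, one query per line: ts src dst proto qname rtype answer.
# The first line mirrors the report; the others are invented to show the contrast.
SAMPLE_DNS_LOG = """\
2024-07-02T09:47:31 192.168.56.103 164.124.101.2 udp wins19junspam.duckdns.org A 192.169.69.26
2024-07-02T09:47:32 192.168.56.103 164.124.101.2 udp www.example.com A 203.0.113.10
2024-07-02T09:47:40 192.168.56.104 164.124.101.2 udp update.duckdns.org A 198.51.100.20
2024-07-02T09:47:41 192.168.56.104 164.124.101.2 udp c2host.duckdns.net A 198.51.100.21
"""


@dataclass(frozen=True)
class DnsRecord:
    ts: str
    src: str
    dst: str
    proto: str
    qname: str
    rtype: str
    answer: str


def parse_line(line: str) -> DnsRecord:
    """Parse one whitespace-separated line of the constructed log format."""
    ts, src, dst, proto, qname, rtype, answer = line.split()
    return DnsRecord(ts, src, dst, proto, qname.rstrip(".").lower(), rtype, answer)


def classify_query(qname: str) -> set:
    """Approximate the two ET signatures from the report as label checks:
    SID 2022918 fires on a 'duckdns' label anywhere in the name (any TLD),
    SID 2042936 fires specifically on hostnames under duckdns.org."""
    name = qname.rstrip(".").lower()
    labels = name.split(".")
    hits = set()
    if "duckdns" in labels:
        hits.add("dyndns_duckdns_label")      # ~ SID 2022918
    if len(labels) > 2 and labels[-2:] == ["duckdns", "org"]:
        hits.add("dyndns_duckdns_org_host")   # ~ SID 2042936
    if name == REPORT_DOMAIN:
        hits.add("report_domain")
    return hits


def scan(log_text: str) -> list:
    """Return (ts, src, qname, answer, detections) for every line that matched anything."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        rec = parse_line(line)
        hits = classify_query(rec.qname)
        # Pivot on the resolution, which survives a change of hostname on the attacker side.
        if rec.answer == REPORT_C2_IP:
            hits.add("report_c2_ip")
        if hits:
            alerts.append((rec.ts, rec.src, rec.qname, rec.answer, tuple(sorted(hits))))
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_DNS_LOG):
        print(*alert)
```

The update.duckdns.org line trips both dynamic-DNS checks exactly as the real sensor would, which is the point: only the line that also resolves to 192.169.69.26 carries a report-specific indicator.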

Suricata TLS

No Suricata TLS

Domain wins19junspam.duckdns.org

Antivirus Result
Bkav W32.AIDetectMalware.CS
Elastic Windows.Generic.Threat
CAT-QuickHeal Backdoor.MsilFC.S14901152
Skyhigh BehavesLike.Win32.Fareit.km
ALYac Generic.AsyncRAT.Marte.B.7F02B142
Cylance Unsafe
VIPRE Generic.AsyncRAT.Marte.B.7F02B142
Sangfor Suspicious.Win32.Save.a
BitDefender Generic.AsyncRAT.Marte.B.7F02B142
Cybereason malicious.b3dd03
Arcabit Generic.AsyncRAT.Marte.B.7F02B142
VirIT Trojan.Win32.MSIL_Heur.B
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/AsyncRAT.A
APEX Malicious
McAfee PWS-FCQR!B2E56A7B3DD0
Avast Win32:DropperX-gen [Drp]
ClamAV Win.Packed.Razy-9625918-0
Kaspersky HEUR:Backdoor.MSIL.Crysan.gen
MicroWorld-eScan Generic.AsyncRAT.Marte.B.7F02B142
Rising Trojan.AntiVM!1.CF63 (CLASSIC)
Emsisoft Generic.AsyncRAT.Marte.B.7F02B142 (B)
F-Secure Trojan.TR/Dropper.Gen
DrWeb BackDoor.AsyncRATNET.2
McAfeeD ti!B193CF76307F
FireEye Generic.mg.b2e56a7b3dd03c80
Sophos Troj/AsyncRat-B
Ikarus Backdoor.AsyncRat
Jiangmin Trojan.Banker.MSIL.hol
Webroot W32.Dropper.Gen
Google Detected
Avira TR/Dropper.Gen
MAX malware (ai score=87)
Kingsoft malware.kb.c.1000
Microsoft Backdoor:MSIL/AsyncRat.AD!MTB
ZoneAlarm HEUR:Backdoor.MSIL.Crysan.gen
GData MSIL.Backdoor.DCRat.D
Varist W32/Samas.B.gen!Eldorado
AhnLab-V3 Malware/Win32.RL_Generic.C4267562
BitDefenderTheta Gen:NN.ZemsilF.36808.dm0@aSmk2@h
DeepInstinct MALICIOUS
VBA32 OScope.Backdoor.MSIL.Crysan
Malwarebytes Generic.Malware.AI.DDS
Panda Trj/GdSda.A
Tencent Trojan.MSIL.Agent.kr
SentinelOne Static AI - Malicious PE
MaxSecure Win.MxResIcn.Heur.Gen
Fortinet MSIL/Agent.CFQ!tr
AVG Win32:DropperX-gen [Drp]
CrowdStrike win/malicious_confidence_100% (D)