Summary | ZeroBOX

gagagggagagag.exe

Tags: AsyncRAT, .NET framework (MSIL), UPX, Malicious Packer, PE File, OS Processor Check, PE32, .NET EXE
Category FILE
Machine s1_win7_x6401
Started Aug. 26, 2024, 9:28 a.m.
Completed Aug. 26, 2024, 9:39 a.m.
Size 65.0KB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 7f20b668a7680f502780742c8dc28e83
SHA256 9334ce1ad264ddf49a2fe9d1a52d5dd1f16705bf076e2e589a6f85b6cd848bb2
CRC32 A8691FD0
ssdeep 1536:DWqxSnrykLcFlmeA6Zdt/HCiCPEsfnhOjyXbZQG17uMJYfvISLWcx:DWYSrykLBEsfnheyXbZZNuxtXx
Yara
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • Is_DotNET_EXE - (no description)
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • AsyncRat - AsyncRat Payload
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
185.16.38.41 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 185.16.38.41:20000 -> 192.168.56.101:49163 2030673 ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server) Domain Observed Used for C2 Detected
TCP 185.16.38.41:20000 -> 192.168.56.101:49163 2035595 ET MALWARE Generic AsyncRAT Style SSL Cert Domain Observed Used for C2 Detected

Suricata TLS

Flow Issuer Subject Fingerprint
TLSv1 192.168.56.101:49163 -> 185.16.38.41:20000 CN=AsyncRAT Server CN=AsyncRAT Server c0:74:2f:cf:ac:08:26:95:4d:1f:b6:6f:1e:ab:22:b3:91:b1:75:90

host 185.16.38.41
Bkav W32.AIDetectMalware.CS
Elastic Windows.Trojan.Asyncrat
CAT-QuickHeal Trojan.Generic.TRFH1214
Skyhigh BehavesLike.Win32.Fareit.km
ALYac Gen:Trojan.Mardom.MN.15
Cylance Unsafe
VIPRE Gen:Trojan.Mardom.MN.15
Sangfor Suspicious.Win32.Save.a
BitDefender Gen:Trojan.Mardom.MN.15
Cybereason malicious.8a7680
Arcabit Trojan.Mardom.MN.15
VirIT Trojan.Win32.MSIL_Heur.B
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/AsyncRAT.A
APEX Malicious
McAfee Trojan-FVQO!7F20B668A768
Avast Win32:DropperX-gen [Drp]
ClamAV Win.Packed.Razy-9625918-0
Kaspersky HEUR:Trojan.Win32.Generic
MicroWorld-eScan Gen:Trojan.Mardom.MN.15
Rising Trojan.AntiVM!1.CF63 (CLASSIC)
Emsisoft Gen:Trojan.Mardom.MN.15 (B)
F-Secure Trojan.TR/Dropper.Gen
DrWeb BackDoor.AsyncRATNET.2
McAfeeD ti!9334CE1AD264
FireEye Generic.mg.7f20b668a7680f50
Sophos Troj/AsyncRat-B
SentinelOne Static AI - Malicious PE
Jiangmin Trojan.Generic.hrafs
Google Detected
Avira TR/Dropper.Gen
MAX malware (ai score=83)
Kingsoft malware.kb.c.1000
Microsoft Backdoor:MSIL/AsyncRat.AD!MTB
ZoneAlarm HEUR:Trojan.Win32.Generic
GData Gen:Trojan.Mardom.MN.15
Varist W32/Samas.B.gen!Eldorado
AhnLab-V3 Malware/Win.Generic.C4980844
BitDefenderTheta Gen:NN.ZemsilF.36812.em0@aqh6slk
DeepInstinct MALICIOUS
VBA32 OScope.Backdoor.MSIL.Crysan
Malwarebytes Generic.Malware.AI.DDS
Ikarus Backdoor.AsyncRat
Panda Trj/GdSda.A
Tencent Trojan.MSIL.Agent.kr
huorong Backdoor/Crysan.a
MaxSecure Trojan.Malware.300983.susgen
Fortinet MSIL/Agent.CFQ!tr
AVG Win32:DropperX-gen [Drp]
CrowdStrike win/malicious_confidence_100% (D)