YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash ba02b7e4b3080e991d7eab522cff8afe1b84b554a7c33328bcdab0e64c70572a.

Scan Results

SHA256 hash: ba02b7e4b3080e991d7eab522cff8afe1b84b554a7c33328bcdab0e64c70572a
File size:46'080 bytes
File download: Original Unpacked
MIME type:application/x-dosexec
MD5 hash: d8d5a26c3a638c37258302a1b5c04bd6
SHA1 hash: e43205856cef9bf944e2bbe2fa0861da2174c6d5
SHA3-384 hash: 9f0794a232b58ae1ce1a0d163a92e487405366f734ed6ed9fc85220978cf2310c73d1ffe9d8f7be29f2c34275324d37a
First seen:2026-01-21 06:28:53 UTC
Last seen:Never
Sightings:1
imphash : f34d5f2d4577ed6d9ceec516c1f5a744
Create hunting rule
ssdeep : 768:Gu6ZdTAYhbJWUh9Nzmo2qLSUPB+lOOFPIwzjbzgX3idHwKK6XJ2bGBDZmx:Gu6ZdTAur21iUOOCw3bsXSdQKZkbIdmx
TLSH :n/a
telfhash :n/a
gimphash :n/a
dhash icon :n/a

Tasks

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information

Task ID:74c8cf40-f692-11f0-9df4-42010aa4000b
File name:d8d5a26c3a638c37258302a1b5c04bd6
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

Signature:Win.Packed.AsyncRAT-9856570-1
Create hunting rule
Signature:Win.Packed.AsyncRAT-9861056-1
Create hunting rule
Signature:Win.Packed.Razy-9625918-0
Create hunting rule

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:AsyncRat
Create hunting rule
Author:kevoreilly, JPCERT/CC Incident Response Group
Description:AsyncRat Payload
TLP:TLP:WHITE
Repository:CAPE
Rule name:asyncrat
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect AsyncRat in memory
Reference:internal research
TLP:TLP:WHITE
Repository:CAPE
Rule name:asyncrat_kingrat
Create hunting rule
Author:jeFF0Falltrades
TLP:TLP:WHITE
Repository:CAPE
Rule name:classified
Description:classified
Rule name:DebuggerCheck__RemoteAPI
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse
Create hunting rule
Author:ditekSHen
Description:Detects file containing reversed ASEP Autorun registry keys
TLP:TLP:WHITE
Repository:diˈtekSHən
Rule name:MAL_AsnycRAT
Create hunting rule
Author:SECUINFRA Falcon Team
Description:Detects AsnycRAT based on it's config decryption routine
TLP:TLP:WHITE
Repository:MalwareBazaar
Rule name:MAL_AsyncRAT_Config_Decryption
Create hunting rule
Author:SECUINFRA Falcon Team
Description:Detects AsnycRAT based on it's config decryption routine
TLP:TLP:WHITE
Rule name:Mal_WIN_AsyncRat_RAT_PE
Create hunting rule
Author:Phatcharadol Thangplub
Description:Use to detect AsyncRAT implant.
TLP:TLP:WHITE
Repository:YARAify
Rule name:malware_asyncrat
Create hunting rule
Description:detect AsyncRat in memory
Reference:https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp
TLP:TLP:WHITE
Repository:JPCERTCC
Rule name:malware_asyncrat
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect AsyncRat in memory
Reference:internal research
TLP:TLP:WHITE
Repository:JPCERTCC
Rule name:msil_suspicious_use_of_strreverse
Create hunting rule
Author:dr4k0nia
Description:Detects mixed use of Microsoft.CSharp and VisualBasic to use StrReverse
TLP:TLP:WHITE
Repository:
Rule name:Multifamily_RAT_Detection
Create hunting rule
Author:Lucas Acha (http://www.lukeacha.com)
Description:Generic Detection for multiple RAT families, PUPs, Packers and suspicious executables
TLP:TLP:WHITE
Repository:
Rule name:NET
Create hunting rule
Author:malware-lu
TLP:TLP:WHITE
Repository:
Rule name:NETexecutableMicrosoft
Create hunting rule
Author:malware-lu
TLP:TLP:WHITE
Repository:
Rule name:Njrat
Create hunting rule
Author:botherder https://github.com/botherder
Description:Njrat
TLP:TLP:WHITE
Repository:
Rule name:pe_imphash
Create hunting rule
TLP:TLP:WHITE
Repository:MalwareBazaar
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash
TLP:TLP:WHITE
Repository:MalwareBazaar
Rule name:Sus_CMD_Powershell_Usage
Create hunting rule
Author:XiAnzheng
Description:May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)
TLP:TLP:WHITE
Repository:YARAify
Rule name:SUSP_DOTNET_PE_List_AV
Create hunting rule
Author:SECUINFRA Falcon Team
Description:Detecs .NET Binary that lists installed AVs
TLP:TLP:WHITE
Rule name:SUSP_Reverse_Run_Key
Create hunting rule
Author:SECUINFRA Falcon Team
Description:Detects a Reversed Run Key
TLP:TLP:WHITE
Repository:SIFalcon
Rule name:win_asyncrat_bytecodes
Create hunting rule
Author:Matthew @ Embee_Research
Description:Detects bytecodes present in unobfuscated AsyncRat Samples. Rule may also pick up on other Asyncrat-derived malware (Dcrat/venom etc)
TLP:TLP:WHITE
Repository:embee-research
Rule name:win_asyncrat_j1
Create hunting rule
Author:Johannes Bader @viql
Description:detects AsyncRAT
TLP:TLP:WHITE
Repository:Sandnet
Rule name:win_asyncrat_unobfuscated
Create hunting rule
Author:Matthew @ Embee_Research
Description:Detects strings present in unobfuscated AsyncRat Samples. Rule may also pick up on other Asyncrat-derived malware (Dcrat/venom etc)
TLP:TLP:WHITE
Repository:YARAify
Rule name:win_asyncrat_w0
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect AsyncRat in memory
Reference:internal research
TLP:TLP:WHITE
Repository:Malpedia
Rule name:classified
Author:classified
Description:classified
TLP :TLP:AMBER
Rule name:Windows_Generic_Threat_ce98c4bc
Create hunting rule
Author:Elastic Security
TLP:TLP:WHITE
Repository:elastic
Rule name:Windows_Trojan_Asyncrat_11a11ba1
Create hunting rule
Author:Elastic Security
TLP:TLP:WHITE
Repository:elastic

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files

The following files could be unpacked from this sample.