MB-e41b601b827be4def235a9d406f836d7b981fdf08d07ee00d3ec9c9003f402d7 high

📛 Threat Title

AsyncRAT: vibesync.exe

Category: AsyncRAT. Source: Abuse.ch.

Description

File type: exe. Size: 213504 bytes. Tags: anarchyrat, asyncrat, autorun, dotnet, exe, obfuscated, rat, spreader, vibesync. Reporter: anonymous. First seen: 2026-05-14 05:49:02.

Remediations (8)

  • web:knowledge.broadcom.com

    The host remediation fails due to a metadata mismatch caused by previously synced updates that do not align with the updated download URLs configured with the current download token in Lifecycle Manager (LCM).

  • web:learn.microsoft.com

    Learn more about Remediations in Microsoft Intune, including what Remediations are and view any prerequisites and licensing requirements. Also, learn how to deploy built-in and custom remediation scripts, and learn how to monitor your scripts.

  • web:scloud.work

    When a proactive remediation script fails to work as expected, it's much faster to test it locally than wait for the next sync from Intune. In this post, I'll show you how I troubleshoot Intune remediation scripts directly on a Windows device. This includes script locations, relevant logs, and registry entries that help verify what […]

  • web:techcommunity.microsoft.com

    Device Remediation status misleading: Maybe I'm just missing something here, but when a Remediation script repeats on a schedule, how can we tell if devices were remediated? All devices report "Without Issues" and ZERO devices fixed, but I know the script ran and fixed the problem weeks ago. Say I have 100 devices assigned to the script:

  • web:techcommunity.microsoft.com

    Hello, I'm new to this community. Having an issue with Intune and the uninstall assignment with a particular program. Up till now it's all been pretty straight...

  • web:www.linkedin.com

    Intune remediation refers to the process of using Microsoft Intune to automatically detect and fix common issues on managed devices. This is achieved through remediation scripts, which consist of ...

  • web:www.reddit.com

    If you don't have the in-house staff to perform the threat analysis or threat hunting, you need a SOC. You could look at black point cyber since you are a PAX 8 customer. You currently have the detection portion of EDR, but not the analysis and remediation piece. You can't compare Symantec to Sentinel One, they aren't the same. Sentinel One IMO, is a far superior product, and in the years we ...

  • web:www.systemcenterdudes.com

    In this post, we will describe how to use Intune Remediation script with an example to uninstall an application based on detection script.

Indicators of Compromise (5)

Each indicator is enriched from the IOC database, threat-intel feed corroboration (Threat Hunt) and VirusTotal.

domain vibesync.exe

IOC database

  • Type: domain
  • Value: vibesync.exe
  • Attached to this threat
  • Appears in: 1 threat
  • Description: Extracted from Threat MB-e41b601b827be4def235a9d406f836d7b981fdf08d07ee00d3ec9c9003f402d7

Threat Hunt — feed corroboration

Not present in any configured threat-intel feed.

Details From VirusTotal

VirusTotal: VT base fetch failed: HTTPError: 429 Client Error: Too Many Requests for url: https://www.virustotal.com/api/v3/domains/vibesync.exe

hash_imphash f34d5f2d4577ed6d9ceec516c1f5a744

IOC database

  • Type: hash_imphash
  • Value: f34d5f2d4577ed6d9ceec516c1f5a744
  • Attached to this threat
  • Appears in: 370 threats
  • Description: imphash of URLhaus payload 61d424c2e3c5d8db…

Threat Hunt — feed corroboration

Not present in any configured threat-intel feed.

Details From VirusTotal

No VirusTotal details cached for this IOC.

hash_sha256 e41b601b827be4def235a9d406f836d7b981fdf08d07ee00d3ec9c9003f402d7 (1 feed)

IOC database

  • Type: hash_sha256
  • Value: e41b601b827be4def235a9d406f836d7b981fdf08d07ee00d3ec9c9003f402d7
  • Attached to this threat
  • Appears in: 2 threats
  • Description: Unknown

Threat Hunt — feed corroboration

Listed by 1 threat-intel feed vendor: Abuse.ch.

Details From VirusTotal

VirusTotal: VT base fetch failed: HTTPError: 429 Client Error: Too Many Requests for url: https://www.virustotal.com/api/v3/files/e41b601b827be4def235a9d406f836d7b981fdf08d07ee00d3ec9c9003f402d7

hash_sha1 ddca151d4d96fe062efa306c9c3f68a00267791a (2 feeds)

IOC database

  • Type: hash_sha1
  • Value: ddca151d4d96fe062efa306c9c3f68a00267791a
  • Attached to this threat
  • Appears in: 2 threats

Threat Hunt — feed corroboration

Listed by 2 threat-intel feed vendors: Abuse.ch, threatview.io.

Details From VirusTotal

VirusTotal: VT base fetch failed: HTTPError: 429 Client Error: Too Many Requests for url: https://www.virustotal.com/api/v3/files/ddca151d4d96fe062efa306c9c3f68a00267791a

hash_md5 21c0d80b1c30f7b7c1d3c402bf4a50d4 (2 feeds)

IOC database

  • Type: hash_md5
  • Value: 21c0d80b1c30f7b7c1d3c402bf4a50d4
  • Attached to this threat
  • Appears in: 2 threats

Threat Hunt — feed corroboration

Listed by 2 threat-intel feed vendors: Abuse.ch, threatview.io.

Details From VirusTotal

VirusTotal: VT base fetch failed: HTTPError: 429 Client Error: Too Many Requests for url: https://www.virustotal.com/api/v3/files/21c0d80b1c30f7b7c1d3c402bf4a50d4

References (1)

  • MalwareBazaar sample page Abuse.ch