MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a2429a2781600f34cc23b3dacba4ce58fbbadc90dac50ab80043601293534b95. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

DCRat

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	a2429a2781600f34cc23b3dacba4ce58fbbadc90dac50ab80043601293534b95
SHA3-384 hash:	6c1d3f23841401fcb9cb9212a866a4e45cebec2f731577660c2e225be9f555f2d707ccb6cd5a8ca9bd27d6d83d102b4a
SHA1 hash:	910940e382ce02b58d6fb427cbed8f82f86eae68
MD5 hash:	d1a4c91610248942942f6dda018deca7
humanhash:	may-magazine-nuts-dakota
File name:	a2429a2781600f34cc23b3dacba4ce58fbbadc90dac50ab80043601293534b95.exe
Download:	download sample
Signature	DCRat Create hunting rule
File size:	1'839'616 bytes
First seen:	2023-07-01 14:04:13 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	d0d0c5195b832915f0889026e5b9d987 (1 x DCRat, 1 x AsyncRAT)
ssdeep	12288:rUFqSBXeGSRbnCUU/zzbgVDYgfyxZoScTD69OoZ+QHRGYp794FleoD8sSaUurn6r:r67X4vYToAstrn6rBwyUpjMrFU/eFKY
Threatray	859 similar samples on MalwareBazaar
TLSH	T11985383DF588118BDC3AE13EC8A99BF8966678020B12B2D76C85066F9D335D40E7DED1
TrID	44.4% (.EXE) Win64 Executable (generic) (10523/12/4) 21.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 8.7% (.ICL) Windows Icons Library (generic) (2059/9) 8.5% (.EXE) OS/2 Executable (generic) (2029/13) 8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter	obfusor
Tags:	DCRat exe

Intelligence

File Origin

# of uploads :

1

# of downloads :

326

Origin country :

HK

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/404864/

Detection(s):

SecuriteInfo.com.Variant.Lazy.349968.23915.27475.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Сreating synchronization primitives

DNS request

Sending a custom TCP request

Verdict:

No Threat

Threat level:

2/10

Confidence:

100%

Tags:

greyware

Link:

https://www.filescan.io/uploads/64a0328f204315fbc16c0d35/reports/d8d9acb0-89d7-493d-83f5-a292ce4be6e6/overview

Verdict:

Malicious

Labled as:

Lazy.Generic

Link:

https://www.hybrid-analysis.com/sample/a2429a2781600f34cc23b3dacba4ce58fbbadc90dac50ab80043601293534b95

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/327dc36c-e392-4a48-af6d-2360da23f76e

Result

Threat name:

AsyncRAT

Detection:

malicious

Classification:

troj

Score:

76 / 100

Link:

https://www.joesandbox.com/analysis/1264522

Signature

C2 URLs / IPs found in malware configuration

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected AsyncRAT

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/a2429a2781600f34cc23b3dacba4ce58fbbadc90dac50ab80043601293534b95/

Threat name:

Win64.Malware.Lazy

Status:

Malicious

First seen:

2023-07-01 14:05:06 UTC

File Type:

PE+ (Exe)

AV detection:

5 of 37 (13.51%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ujbjuj4bmahtjtbdwpnmxjgold53vxeq3lcqvoaainqbfe2tjokq._file

Verdict:

malicious

Similar samples:

3436e23e0db4fdd4f4e6337781fc283c94d87665819970477332564538210826

4fd20682fbc3324675f319d9c2961d002ff409c3bbd4afc6e19dd7e8f2135ac9

5af7cfae0ad82f0e1d210bacf1fb6bbc9a15f0b62f88af71dbf9abf3a436ddd8

6cf0ea817a842b6b6149d1c613cf22a1dfbb729c3b8ab2f1a34e372ab66f5c65

9a81ab49c6050ff00b7833246fd4727aa43b1d8b3c095549846157784103ea24

ba2c8fcdef3c1675e57b94c9a7b04088a68d98110cf1ddf509eae437f731b138

d0fef87fd7e5a7214773deef4c445970147c88d5335867b552f9d4d22ef0231b

df5958a9823d8990969a3a03a628e3e50eea124f457c38367a28202d3f431407

+ 849 additional samples on MalwareBazaar

Result

Malware family:

asyncrat

Score:

10/10

Tags:

family:asyncrat botnet:default rat

Link:

https://tria.ge/reports/230701-rdtlrsab2v/

Behaviour

Suspicious use of AdjustPrivilegeToken

Async RAT payload

AsyncRat

Malware Config

C2 Extraction:

7593352b2g.imdo.co:28870

Unpacked files

SH256 hash:

a2429a2781600f34cc23b3dacba4ce58fbbadc90dac50ab80043601293534b95

MD5 hash:

d1a4c91610248942942f6dda018deca7

SHA1 hash:

910940e382ce02b58d6fb427cbed8f82f86eae68

Link:

https://www.unpac.me/results/a41813ee-e84e-42e3-861e-1010ceb9de37/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

iSpy Keylogger

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/a2429a2781600f34cc23b3dacba4ce58fbbadc90dac50ab80043601293534b95

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/404864/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample