MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bc742c33c446a25e6482c4209436088415d5c89a7f8ab66f37f16006d62344ac. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DCRat


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bc742c33c446a25e6482c4209436088415d5c89a7f8ab66f37f16006d62344ac
SHA3-384 hash: 61fb4e9d68ecd4a63dc5459baaa2cc060d9ec63ce692fd775c169c2d92d27ca7573984f65e83daac460d58cc0fe0f413
SHA1 hash: 4513e2088ef68d3dd9dcb7d861f58f86449775c5
MD5 hash: 865390590db1085971f093d98b8d9fc0
humanhash: oven-connecticut-sad-rugby
File name:Joyhak_v7.2-11.06.2020.bin
Download: download sample
Signature DCRat
Create hunting rule
File size:666'871 bytes
First seen:2020-06-12 13:39:35 UTC
Last seen:2020-06-12 14:59:04 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 4bb6c97d0fd6fbaeabdd43515fbc6b28 (17 x DCRat, 1 x NanoCore)
ssdeep 12288:Qo4JzBT1CFGwfG+dfcTG0X9avk020twrNQ/JcwmEO3wFuKCWuW5tsc9bbJYRjZ:QnsfG0Wtavk020UkPBOgFuQz5tsc9xYv
Threatray 251 similar samples on MalwareBazaar
TLSH 3DE423DFCEB48502CC86A87063B5CC1B6A3E03EB1D2442613659F7862EA7BD5BF4944D
Reporter JAMESWT_WT

Code Signing Certificate

Organisation:Microsoft Time-Stamp Service
Issuer:Microsoft Time-Stamp PCA
Algorithm:sha1WithRSAEncryption
Valid from:Oct 24 21:07:36 2018 GMT
Valid to:Jan 10 21:07:36 2020 GMT
Serial number: 330000011E12F4418E294736C600000000011E
Thumbprint Algorithm:SHA256
Thumbprint: 292A74C8CC234C53C7AED5CD15BFAB58510AA9D3A79866B77BF5F76FA2AC8623
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
2
# of downloads :
94
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/10070/
Detection(s):
PUA.Win.Packer.Upx-48
Create hunting rule

PUA.Win.Packer.Upolyx-12
Create hunting rule

PUA.Win.Packer.Upx-6
Create hunting rule

PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Gathering data
Threat name:
Win32.Backdoor.LightStone
Create hunting rule
Status:
Malicious
First seen:
2020-06-12 12:38:55 UTC
File Type:
PE (Exe)
Extracted files:
51
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
2bfcc18ff3157d5b800d7d8f3d2ca77a131f228a7e37c64632977073efa9d279
DCRat
2eaf25d2c99eb49743060031a22428bb7c8e78a99869638cfe43b977dda57f22
DCRat
3e3ab416abadd9093b15f9dcce92f3530709aba8addff16a74e89bd3a7bfd8fd
DCRat
41eef1a870eaea8573585611d3fd3b9f0fb30ed20ffe94e7082b8925b12c329d
DCRat
c9783969d5474b7035fab8eb6acfedd475ec7297cd8042f5a188b21c48b9491a
DCRat
cbf010e4d58f12ac1a0ce0ef5e29636c13a3a6ee5b052aae7cad7e9a95448276
DCRat
d6c73d397215d259bfb6168e9c0a6c29bb8e684509877e0ec62aba0c817a25fa
DCRat
ef72449dd56a1628cc56a50809c914fef2b5a59ca51b06e78e1c822d8938252d
DCRat
f32e731527a2a3fa24a75c8732c2e236dfb6dd4f09c50add479d6cf9e018d34c
DCRat
f9b7ef320dd7f76be9bdf12f14f0875a9f52165b989376cd1f2e2d23cdb52fe5
DCRat
+ 241 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
evasion upx
Link:
https://tria.ge/reports/201109-bq4ckdv5nn/
Behaviour
Creates scheduled task(s)
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies registry class
Program crash
Drops file in Program Files directory
Loads dropped DLL
Disables Task Manager via registry modification
Executes dropped EXE
ServiceHost packer
Suspicious use of NtCreateProcessExOtherParentProcess
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/10070/

Comments