MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 452025fa804107ed4d121a58ac4cf7d6c8e5e91c936c5245d0a215b948fc5f6d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



DCRat


Vendor detections: 7



SHA256 hash: 452025fa804107ed4d121a58ac4cf7d6c8e5e91c936c5245d0a215b948fc5f6d
SHA3-384 hash: a1a3e45cbcab72da36c60f7d83ecdd81b343c0f3318f7815b33e8ebe713a7ea315ded17ff874f5ae917dae632f3cd938
SHA1 hash: e91de31114389a863c5912c9b8c06c7ad555bdcd
MD5 hash: 0c49a4e2c5f883c6be61584658a26fd4
humanhash: monkey-tennis-december-hamper
File name: DCyaz.bat
Signature: DCRat
File size: 61'206 bytes
First seen: 2023-01-11 14:08:25 UTC
Last seen: Never
File type: Batch (bat)
MIME type: text/x-msdos-batch
ssdeep: 1536:CpNrqKH8prCAiATNNEaAdyHhOz5YnthC4zbxjPR++uM:CpcebA7NEaAdGhA0EqVjpWM
Threatray: 2'801 similar samples on MalwareBazaar
TLSH: T15253E0B0C2C158217AA1CF9991CBDE3DABB2A7B3538150DCE042D59FF05BB814BA09F4
Reporter: 0xToxin
Tags: bat DCRat

Intelligence


File Origin
# of uploads: 1
# of downloads: 102
Origin country: IL
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: DCyaz.bat
Verdict: Malicious activity
Analysis date: 2023-01-11 14:11:15 UTC
Tags: n/a
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: UNKNOWN
Result
Threat name: AsyncRAT, DcRat
Detection: malicious
Classification: troj.evad
Score: 88 / 100
Signature
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Renames powershell.exe to bypass HIPS
Yara detected AsyncRAT
Yara detected DcRat
Behaviour
Behavior Graph (ID: 782350; Sample: DCyaz.bat; Start date: 11/01/2023; Architecture: WINDOWS; Score: 88): cmd.exe dropped C:\Users\user\Desktop\DCyaz.bat.exe (PE32+; signature "Renames powershell.exe to bypass HIPS") and started DCyaz.bat.exe and conhost.exe; DCyaz.bat.exe is linked to the domain winery.nsupdate.info.
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Loads dropped DLL
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
