MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 505305c24cced11623e247100c1ac6beb3e738470d56a4d2eee116b6b884cbff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DCRat


Vendor detections: 13


Intelligence 13 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 505305c24cced11623e247100c1ac6beb3e738470d56a4d2eee116b6b884cbff
SHA3-384 hash: 5f31e78a32379e90dc70921481ad51b2a6d62b2fc1e09aee74c4a9945784ae138929e5fbae23344bf58e779345192358
SHA1 hash: 3f085eef1dfdc4373737ce163574d25bbc3be282
MD5 hash: b431827a5003a02e771be393aef8dd44
humanhash: maine-wisconsin-apart-oregon
File name:b431827a5003a02e771be393aef8dd44.bin
Download: download sample
Signature DCRat
Create hunting rule
File size:2'075'136 bytes
First seen:2023-03-04 20:55:51 UTC
Last seen:2023-03-04 22:29:41 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 0ed70d493c31fe7e849b88ee21606c62 (3 x RedLineStealer, 1 x DCRat, 1 x Babuk)
ssdeep 24576:PpjOLg3zLTIi2dJpo/HxuONl7m5EKWOo+xwsbHatdKU6pioCFP:hq8UhJpofVK6KWOo4wsTaSozFP
Threatray 2 similar samples on MalwareBazaar
TLSH T110A51210B9D78073E263113146E4EBB19B3E7A104B6658EF6BD50F7D4F345C09A33AAA
TrID 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.9% (.EXE) Win64 Executable (generic) (10523/12/4)
9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter abuse_ch
Tags:bin DCRat exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
232
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
dcrat
Create hunting rule
ID:
1
File name:
https://anonfiles.com/Mem5Q5bbz9/Synapse_x_cracked_exe
Verdict:
Malicious activity
Analysis date:
2023-03-04 08:52:12 UTC
Tags:
rat backdoor dcrat stealer
Link:
https://app.any.run/tasks/b03c55d9-08f1-4d15-8c7f-9f5aca22f52f

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
DCRat
Create hunting rule
Link:
https://www.capesandbox.com/analysis/371651/
Detection(s):
SecuriteInfo.com.Win32.PWSX-gen.18461.7930.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching a process
Сreating synchronization primitives
Using the Windows Management Instrumentation requests
Sending a custom TCP request
DNS request
Connecting to a non-recommended domain
Sending an HTTP GET request
Creating a window
Searching for synchronization primitives
Reading critical registry keys
Creating a file in the %temp% directory
Forced shutdown of a system process
Stealing user critical data
Unauthorized injection to a system process
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
67%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/6403b0655961badabfa992f9/reports/9944b90c-b056-4583-9631-931fed3784f8/overview
Verdict:
Malicious
Labled as:
Malware
Link:
https://www.hybrid-analysis.com/sample/505305c24cced11623e247100c1ac6beb3e738470d56a4d2eee116b6b884cbff
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/e1898233-2c07-47f2-80e2-86389d5e2e38
Result
Threat name:
DCRat
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1187214
Signature
Allocates memory in foreign processes
Injects a PE file into a foreign processes
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Snort IDS alert for network traffic
Tries to harvest and steal browser information (history, passwords, etc)
Writes to foreign memory regions
Yara detected DCRat
Yara detected Generic Downloader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/505305c24cced11623e247100c1ac6beb3e738470d56a4d2eee116b6b884cbff/
Threat name:
Win32.Trojan.RedLine
Create hunting rule
Status:
Malicious
First seen:
2023-03-04 21:04:29 UTC
File Type:
PE (Exe)
AV detection:
22 of 25 (88.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kbjqlqsmz3irmi7ci4iaygwgx2z6oochbvlkjuxo4ellnoeezp7q._file
Verdict:
unknown
Similar samples:
bde7460d3722147c96f86d77a16bb308e452d127f1cddf2c0f8f722aa68450b3
DCRat
cdf2c7d2460732ca3cd40e473f1eaaaa668ca915841d34914d5aa231942e9728
DCRat
Result
Malware family:
dcrat
Create hunting rule
Score:
  10/10
Tags:
family:dcrat infostealer rat
Link:
https://tria.ge/reports/230304-zq1vlsec2s/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
DCRat payload
DcRat
Unpacked files
SH256 hash:
213345b47b5397a688a8e020f36c07aed19163c35a9ec32fc06d569b7c0d9654
MD5 hash:
7578e749f1a7e42acfaa78b6b718db26
SHA1 hash:
f65e009efff389ed0ac2abac5c2eaafa300ee363
Link:
https://www.unpac.me/results/c18e3f51-05ca-4481-aa37-b544789b0a2b/
SH256 hash:
505305c24cced11623e247100c1ac6beb3e738470d56a4d2eee116b6b884cbff
MD5 hash:
b431827a5003a02e771be393aef8dd44
SHA1 hash:
3f085eef1dfdc4373737ce163574d25bbc3be282
Link:
https://www.unpac.me/results/c18e3f51-05ca-4481-aa37-b544789b0a2b/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/505305c24cce/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/505305c24cced11623e247100c1ac6beb3e738470d56a4d2eee116b6b884cbff

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/371651/

Comments