MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 70d86fc8d1247dcd26ed0927411614973d45216d676978f768e14cb16d362536. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 70d86fc8d1247dcd26ed0927411614973d45216d676978f768e14cb16d362536
SHA3-384 hash: 0886ef32fe30c6c9097a8c350c82911f2d2fddbf76c64fe4b25595e3c202a06fe5ff7373fb0b400ecc1db690ce2b9f50
SHA1 hash: ed4910a3fe14f26a0a98ceb204ac054408c85a38
MD5 hash: 6d9e487ea1469c940f2533324beead56
humanhash: florida-delaware-quebec-eighteen
File name: 70d86fc8d1247dcd26ed0927411614973d45216d676978f768e14cb16d362536
File size: 2'444'309 bytes
First seen: 2020-06-10 07:32:01 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: ae4ae436602a0fced8410c4c48e4ae05 (1 x DCRat)
ssdeep: 49152:2+yvFDhff7AZqXPELX2Qpt1eU7GISsK0dS3vg/IAkKxO:+xAZqXPEz2UtgbISsbdYvpKw
Threatray: 261 similar samples on MalwareBazaar
TLSH: D1B52339B2C49A73E2B73F384E33705568BEBE111D68044B35DF9E1CBA395827D6424A
Reporter: JAMESWT_WT

Intelligence


File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Ymacco
Status: Malicious
First seen: 2020-06-03 01:03:46 UTC
File Type: PE (Exe)
Extracted files: 27
AV detection: 26 of 31 (83.87%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:dcrat infostealer rat upx
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies registry class
Program crash
Drops startup file
Loads dropped DLL
Executes dropped EXE
DC Rat Payload
ServiceHost packer
DcRat
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments