MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8071d6607613c65aa69aaf0fa05ca22c67b50d3f231b224726321e8d8bfbcaa6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DCRat


Vendor detections: 13


Intelligence 13 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8071d6607613c65aa69aaf0fa05ca22c67b50d3f231b224726321e8d8bfbcaa6
SHA3-384 hash: 9ceec9db9f3b980b37e2a96577679c02ecb9d6a26dbe319d23d5391afe4897ab7d1b7bfc91d5a100b1ee27ed707644db
SHA1 hash: 6cd7ab5d925e679efd0255f6543513808f9d5560
MD5 hash: a278ae193c852c9348d2e54a2e2379eb
humanhash: sad-video-rugby-nine
File name:a278ae193c852c9348d2e54a2e2379eb.exe
Download: download sample
Signature DCRat
Create hunting rule
File size:131'584 bytes
First seen:2023-10-11 19:07:56 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 3072:F8RlusaYCQUfzbspKNMOccF6l3iMAelbWTz6kLYXDMxY:FRscQUMyMOUIGbW9S
Threatray 813 similar samples on MalwareBazaar
TLSH T1D6D3B700A8D5CD77DBA99533FDE012439A2A5D9DF1932B251A03FB540CEAFB68D22374
TrID 56.5% (.EXE) Win64 Executable (generic) (10523/12/4)
11.0% (.ICL) Windows Icons Library (generic) (2059/9)
10.9% (.EXE) OS/2 Executable (generic) (2029/13)
10.7% (.EXE) Generic Win/DOS Executable (2002/3)
10.7% (.EXE) DOS Executable Generic (2000/1)
Reporter abuse_ch
Tags:DCRat exe RAT

Intelligence

File Origin
# of uploads :
1
# of downloads :
292
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
asyncrat
Create hunting rule
ID:
1
File name:
a278ae193c852c9348d2e54a2e2379eb.exe
Verdict:
Malicious activity
Analysis date:
2023-10-11 19:44:53 UTC
Tags:
loader rat asyncrat remote
Link:
https://app.any.run/tasks/03f4882d-ab2f-4c50-a8d0-587bf0409c83

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/453404/
Detection(s):
Win.Packed.Msilzilla-10008468-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Sending an HTTP GET request
Creating a file in the %temp% directory
Creating a process from a recently created file
Creating a file
Sending a custom TCP request
Using the Windows Management Instrumentation requests
Unauthorized injection to a recently created process
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug anti-vm configsecuritypolicy evasive hacktool lolbin mpcmdrun msconfig regedit replace
Link:
https://www.filescan.io/uploads/6526f293422e14c65a8d611c/reports/c6ca55e8-9f5c-4f5b-b307-96188054c0e5/overview
Verdict:
Malicious
Labled as:
IL:Trojan.MSILZilla
Link:
https://www.hybrid-analysis.com/sample/8071d6607613c65aa69aaf0fa05ca22c67b50d3f231b224726321e8d8bfbcaa6
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
AsyncRAT
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/48498d93-5412-406d-be70-5cbae18725ec
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8071d6607613c65aa69aaf0fa05ca22c67b50d3f231b224726321e8d8bfbcaa6/
Threat name:
ByteCode-MSIL.Backdoor.AsyncRAT
Create hunting rule
Status:
Malicious
First seen:
2023-10-07 15:41:19 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
1
AV detection:
22 of 38 (57.89%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qby5mydwcpdfvju2v4h2axfcfrt3kdj7emnserzggipi3c73zkta._file
Verdict:
malicious
Similar samples:
188599d3566db6b2a16fbc7a8ca1fc58a3a92a75522a13beb4f0cb2f8cd1da7d
DCRat
3444679e8ab3dc7856d7410fa9f39ddb0bd9ed15fe4b08e0d3667356eb20310f
DCRat
456ca399370ae37bc6c08d48765dc8774033196def17a913779491af5ce7067d
DCRat
9e8d48b2e481955031b79a7d7b5e41cad46456f87e23b35872384176b4599ed0
DCRat
a5226c1f77fea3121d22601708268631dcd48c473d105ba68158e7010d23029b
DCRat
b06b398feb7402b0dfe6173944da3413160c8608d60c89fa5311b65892135f5c
DCRat
e6edbb0fb96c996b09c2d5460e3beedc387e49f4d90d85e3ba977a4eb53be0c9
DCRat
e9862583e03d49e791f0aaabb974ba4054cea75a57fec9660b59dd3342cd65de
DCRat
fd39f37e9252c859a76f65c193c869826503be3c815eab4e95cd883be307a550
DCRat
ffe3c7b9f0b7218cec1080486f9c88bb40f003f9e2c5c50f2ec6531574d86740
DCRat
+ 803 additional samples on MalwareBazaar
Result
Malware family:
asyncrat
Create hunting rule
Score:
  10/10
Tags:
family:asyncrat botnet:default rat
Link:
https://tria.ge/reports/231011-xs71lahd67/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Executes dropped EXE
Downloads MZ/PE file
Async RAT payload
AsyncRat
Malware Config
C2 Extraction:
18.118.199.163:80
Unpacked files
SH256 hash:
8071d6607613c65aa69aaf0fa05ca22c67b50d3f231b224726321e8d8bfbcaa6
MD5 hash:
a278ae193c852c9348d2e54a2e2379eb
SHA1 hash:
6cd7ab5d925e679efd0255f6543513808f9d5560
Link:
https://www.unpac.me/results/959cc517-433f-4e05-b1c4-2052112c5653/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.91
Link:
https://yomi.yoroi.company/submissions/8071d6607613c65aa69aaf0fa05ca22c67b50d3f231b224726321e8d8bfbcaa6

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pe_no_import_table
Create hunting rule
Author:qux
Description:Detects exe does not have import table

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/453404/

Comments