MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8ec16e4c4fd0a80322418ea661e4dd3b427f7369078d85f64069588624752bdc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DCRat


Vendor detections: 12


Intelligence 12 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8ec16e4c4fd0a80322418ea661e4dd3b427f7369078d85f64069588624752bdc
SHA3-384 hash: d0b68c3e273d9d087d13b15d69d7e71ad0bc706553adfcc024f6b54c867bd1176d28935a7b7460f6acc9b6d8281abcf8
SHA1 hash: 5f182fd1e6ab20a58b2e4010e9d88ee0755dea07
MD5 hash: 3cec5fd58c7007f1050086d6c03876ca
humanhash: happy-cola-thirteen-fruit
File name:88万u入金案例z.exe
Download: download sample
Signature DCRat
Create hunting rule
File size:965'120 bytes
First seen:2022-05-26 13:25:20 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 32c5de998b5f069b26c94c8143b13c06 (7 x DCRat, 6 x AsyncRAT, 3 x QuasarRAT)
ssdeep 24576:LRMqFJtK3D0258yi/NMdCRnqcyl6ieU9AiteAb3VbMSAeCfGJs9271UyQ2/q:FNdZyi/CoRn5+gU9Au7nAeCfGJs92716
Threatray 12'314 similar samples on MalwareBazaar
TLSH T12625D0147C61E172F7D2B670251AA0F8EBB61DB22D39F9FE11B033543B721A7E225055
TrID 33.5% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
21.3% (.EXE) Win64 Executable (generic) (10523/12/4)
13.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
10.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.1% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon f0f0b2b371c0f0f0 (1 x DCRat)
Reporter obfusor
Tags:DCRat exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
284
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
asyncrat
Create hunting rule
ID:
1
File name:
88万u入金案例z.exe
Verdict:
Malicious activity
Analysis date:
2022-05-26 14:07:09 UTC
Tags:
trojan asyncrat
Link:
https://app.any.run/tasks/e0daa0d1-cdc7-4225-8095-7d8f66d5aa8a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/274756/
Detection(s):
SecuriteInfo.com.BackDoor.AsyncRATNET.1.2836.6159.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Sending a custom TCP request
Using the Windows Management Instrumentation requests
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed shell32.dll
Link:
https://www.filescan.io/uploads/628f7fc9206e0816183f4dd1/reports/900beb8d-42d8-4f42-8156-f94216b746ba/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
AsyncRAT
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/4384c5b0-7cdb-4a9d-beb6-003b84a46fe5
Result
Threat name:
AsyncRAT, DcRat
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1002142
Signature
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
Antivirus / Scanner detection for submitted sample
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected unpacking (changes PE section rights)
Found malware configuration
Hides threads from debuggers
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
PE file has a writeable .text section
Snort IDS alert for network traffic
Tries to detect virtualization through RDTSC time measurements
Yara detected AsyncRAT
Yara detected DcRat
Yara detected Generic Downloader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8ec16e4c4fd0a80322418ea661e4dd3b427f7369078d85f64069588624752bdc/
Threat name:
Win32.Trojan.GenericML
Create hunting rule
Status:
Malicious
First seen:
2022-05-20 20:02:00 UTC
File Type:
PE (Exe)
Extracted files:
18
AV detection:
28 of 41 (68.29%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
18a5c872854f70b391af0696978bfb35d8ae08059971dd9eb8219f5aef40c026
DCRat
1e857555be92a0e4bfa8c0e5dc5b7b91a08e6daea0036e3bf23d3d3de79e495f
DCRat
7b483b575f88d063ec7d84405be25d5d29579133e9951e5f7b5e2b0d9632472f
DCRat
7c28b994aeb3a85e37225cc20bae2232f97e23f115c2a409da31f353140c631e
DCRat
8795836a86dc61f9fe1d4b3f798ebf3a4c1900ddac2f207f4d1f46e87b85850f
DCRat
887aae4c40ef5ac852dcb98c50598ae087e21ba02456b35da67365fcfa6fea9b
DCRat
9c7feb98fb5804f1f80dd03db1f84a06b68ea6043d2d34ab53edce82b83827b2
DCRat
+ 12'304 additional samples on MalwareBazaar
Result
Malware family:
asyncrat
Create hunting rule
Score:
  10/10
Tags:
family:asyncrat botnet:data2 rat
Link:
https://tria.ge/reports/220526-qphg7sffdq/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Enumerates physical storage devices
Program crash
Suspicious use of NtSetInformationThreadHideFromDebugger
Async RAT payload
AsyncRat
Malware Config
C2 Extraction:
154.211.6.212:8848
Unpacked files
SH256 hash:
8ec16e4c4fd0a80322418ea661e4dd3b427f7369078d85f64069588624752bdc
MD5 hash:
3cec5fd58c7007f1050086d6c03876ca
SHA1 hash:
5f182fd1e6ab20a58b2e4010e9d88ee0755dea07
Link:
https://www.unpac.me/results/fd83acb3-321e-491e-bb62-40163b15953a/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
iSpy Keylogger
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8ec16e4c4fd0a80322418ea661e4dd3b427f7369078d85f64069588624752bdc

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/274756/

Comments