MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bb60a1b440e724320be0da80d1804440d329e5be5ae318563c6cf858ce26008a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DCRat


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bb60a1b440e724320be0da80d1804440d329e5be5ae318563c6cf858ce26008a
SHA3-384 hash: b4d03e50deacc3e07d18dc5b23022b4f3b71eb2e7d299e482da0a0c7cff8effa916b79270f3e7928f8e7d2ed663fc45c
SHA1 hash: 972396e32b40487bc94e58b8de3daefb04afe599
MD5 hash: eb28d38d600798a08161657098614d19
humanhash: magazine-two-green-montana
File name:file
Download: download sample
Signature DCRat
Create hunting rule
File size:954'426 bytes
First seen:2022-12-03 16:57:56 UTC
Last seen:2022-12-03 18:27:27 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 5d1347f36e9b27f5470825188b98453f (1 x DCRat, 1 x RedLineStealer)
ssdeep 24576:klqFe997J46tH3pP2iazAw6LnWg5a41n7pYl53x8om2CzGtb:kYMj7J46tH3pP2iazr6L7X7aiz0
Threatray 2'643 similar samples on MalwareBazaar
TLSH T1CD15CF0FF53984C4C86457BDD2BFE790A8DCB288C9D97FC9707EA83825683643A9C585
TrID 32.2% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
20.5% (.EXE) Win64 Executable (generic) (10523/12/4)
12.8% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
9.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.7% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter andretavare5
Tags:DCRat exe


Avatar
andretavare5
Sample downloaded from https://vk.com/doc760750097_657373814?hash=YQFuhXa1RYVXH3VfDj1EnZg1gZ2R8LLAZ06OcHqdi5k&dl=G43DANZVGAYDSNY:1670086364:E6dXHQzMA85pNuqW4iYZT0byW43nfuWZWP2OL9lsES8&api=1&no_preview=1#t

Intelligence

File Origin
# of uploads :
17
# of downloads :
216
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
file
Verdict:
No threats detected
Analysis date:
2022-12-03 16:59:30 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/2a850803-b11f-4688-ad48-8435c14fe9bd

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
DCRat
Create hunting rule
Link:
https://www.capesandbox.com/analysis/342314/
Detection(s):
SecuriteInfo.com.Win32.Evo-gen.12532.16889.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Launching a process
Creating a window
Сreating synchronization primitives
Searching for synchronization primitives
Sending a custom TCP request
Unauthorized injection to a system process
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-debug overlay packed spyeye
Link:
https://www.filescan.io/uploads/638b801c9a505ad9423d005d/reports/035bf89e-3ca0-4ed0-86d6-560f6420a658/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/695ded2a-f5ec-43f7-8ba3-375802491a31
Result
Threat name:
DCRat
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
57 / 100
Link:
https://www.joesandbox.com/analysis/1127152
Signature
Allocates memory in foreign processes
Contains functionality to inject code into remote processes
Injects a PE file into a foreign processes
Malicious sample detected (through community Yara rule)
Writes to foreign memory regions
Yara detected DCRat
Yara detected Generic Downloader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bb60a1b440e724320be0da80d1804440d329e5be5ae318563c6cf858ce26008a/
Threat name:
Win32.Trojan.Strab
Create hunting rule
Status:
Malicious
First seen:
2022-12-03 16:58:14 UTC
File Type:
PE (Exe)
AV detection:
14 of 26 (53.85%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xnqkdnca44sdec7a3kandaceidjstzn6llrrqvr4nt4frtrgacfa._file
Verdict:
unknown
Similar samples:
2e7c0e72ebe65df6ed44631550c14d1dfce5c0a540ed450df984802890b25c53
DCRat
33b18a85c6b49af6f5025ada7db397fad10b6e1d0c25d98b9ac557c3024a2ac4
DCRat
6461952908bf12e4e88547e8e736d9665a76590cf09f7c0c97c649e4f668453d
DCRat
c1266acce2c7a4c69f64c2226a8f780b2688ecf0f1812d0083a85648d350a666
DCRat
c3d08c9293f87258ab312e53d5b830c60aa4717a9dc87a76d34f421ba19ad6a9
DCRat
cd716a11679b98b42382e72283c0fa785d8a4b041bee8044a2c7dffae2142446
DCRat
+ 2'633 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/221203-vgtmqahe69/
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of SetThreadContext
Uses the VBS compiler for execution
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/661b3164-6b3a-417f-9f4e-53077481aa60
Unpacked files
SH256 hash:
8740e9895d40f9cf2a8ea3659e61677c354a1b844ecd712048974bc05f7d28ae
MD5 hash:
5f7cb795d9ae69cebab6bc29890052f9
SHA1 hash:
3dc7afcb70e32e864229d0db5b3f09965b088528
Link:
https://www.unpac.me/results/94b6332f-f868-4a83-9f7a-d36b0d52d4d7/
SH256 hash:
a7e2b22b46126de04b90fcf6ce91d001c775ce5f42134af0d0fbcf1f64f7314e
MD5 hash:
da7e90e5fa9b6c02ab70e456f95e454f
SHA1 hash:
ffd6492770afe0309f734cc00474832c002fd6ac
Link:
https://www.unpac.me/results/94b6332f-f868-4a83-9f7a-d36b0d52d4d7/
SH256 hash:
bb60a1b440e724320be0da80d1804440d329e5be5ae318563c6cf858ce26008a
MD5 hash:
eb28d38d600798a08161657098614d19
SHA1 hash:
972396e32b40487bc94e58b8de3daefb04afe599
Link:
https://www.unpac.me/results/94b6332f-f868-4a83-9f7a-d36b0d52d4d7/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/bb60a1b440e7/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.23
Link:
https://yomi.yoroi.company/submissions/bb60a1b440e724320be0da80d1804440d329e5be5ae318563c6cf858ce26008a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Dropped by
PrivateLoader
  
Delivery method
Distributed via drive-by
Cape
Cape
https://www.capesandbox.com/analysis/342314/

Comments