MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d430a737d1acdc9c5ffda2cb230d6080cb1c401b635a8e75a2cbd38f1a630f31. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DCRat


Vendor detections: 7


Intelligence 7 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d430a737d1acdc9c5ffda2cb230d6080cb1c401b635a8e75a2cbd38f1a630f31
SHA3-384 hash: 4e475e9809114aae4de9a287671271dc24057e3ebdb521b3c44b1f209e155353e651124ba9e9c0ef0a76beebcecb731f
SHA1 hash: 7940cbbfee4fa11c36835a99b742ad1344fbc038
MD5 hash: 0c48c053cfaf9154e18e60848f3ccafb
humanhash: floor-angel-foxtrot-king
File name:d430a737d1acdc9c5ffda2cb230d6080cb1c401b635a8e75a2cbd38f1a630f31
Download: download sample
Signature DCRat
Create hunting rule
File size:1'253'376 bytes
First seen:2021-08-30 07:04:01 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'661 x AgentTesla, 19'474 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 24576:RegOkTV+9lJui3emZqIEKqj0wTsSOPkvIYr7FOF8R+4:oxfOt77kCQ
Threatray 142 similar samples on MalwareBazaar
TLSH T13E4528127A4ADD02D129173BC9DF442887ECA9427B66DB1A7E9F33AD71123A70D0D1CE
Reporter JAMESWT_WT
Tags:DCRat exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
108
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
d430a737d1acdc9c5ffda2cb230d6080cb1c401b635a8e75a2cbd38f1a630f31
Verdict:
Malicious activity
Analysis date:
2021-08-30 07:17:04 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/b32131db-9c50-4c36-833d-4555166f840c

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/183579/
Detection(s):
Win.Malware.Uztuby-9848412-0
Create hunting rule

Win.Packed.Uztuby-9851623-0
Create hunting rule

Win.Packed.Uztuby-9875336-0
Create hunting rule

Win.Packed.Uztuby-9877681-0
Create hunting rule

Win.Packed.Uztuby-9878629-0
Create hunting rule

Win.Packed.Basic-9887353-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Using the Windows Management Instrumentation requests
Connection attempt
Sending an HTTP GET request
Creating a file
Sending a UDP request
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/ab98e179-6325-40f1-8a8d-b699007003a6
Result
Threat name:
DCRat
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/842019
Signature
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
May check the online IP address of the machine
Multi AV Scanner detection for submitted file
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected DCRat
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d430a737d1acdc9c5ffda2cb230d6080cb1c401b635a8e75a2cbd38f1a630f31/
Threat name:
ByteCode-MSIL.Backdoor.LightStone
Create hunting rule
Status:
Malicious
First seen:
2021-08-26 00:46:00 UTC
File Type:
PE (.Net Exe)
AV detection:
35 of 46 (76.09%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
0446e34ae6ce7f9cca130d58f9dcf0485e2d4ec5010eefbec4c826918c72e3ae
DCRat
0757a3b97f39c1d8a6c3d94770762a3912304cfaffa0330761945acd7f236213
DCRat
0b976213f5961eb9720219d2624463ec6acc8947004710c7e9885746e2e27234
DCRat
0e439b622658ab71228c7388ec456c7baf041046d7eff1a37bc9c02177c324ed
DCRat
427eaaff3e1ad963dcb643bbc7c81a6338b544816ef22924c7b5d62a5ae55f70
DCRat
65dee75f5d4f0d7e0c1065a689ebe79f67c87a4d3d9654193164128e859a0ddd
DCRat
cba27621d4b7c92fd50bf37135e150b45097ca9306061ed7049f802047bbd1b9
DCRat
f98183a2ad674f8aae6ad47e7da8b48c80175148ba333f0f57b3e6eca64bfaa6
DCRat
+ 132 additional samples on MalwareBazaar
Result
Malware family:
dcrat
Create hunting rule
Score:
  10/10
Tags:
family:dcrat rat
Link:
https://tria.ge/reports/210830-mdj6n5hewn/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Unpacked files
SH256 hash:
f7d0a36d2f80e3034aa11258925dc93a0e623ed0ea2834e254d211af7aad5ee4
MD5 hash:
5d6030915e38c573ef67c0a03fb59cc1
SHA1 hash:
d144b106e07c4f501999aa3f316a3eeba9f67648
Link:
https://www.unpac.me/results/4bbb4b1f-e252-4e29-a543-01166033f8ab/
Parent samples :
e0fa9c62364826149547d32728d06d155bdc6a54e90554695f8039bd7b73d036
54de552295e919218a7d43a1d0114bae169a79a1963113d615fd8bce428b385d
2774262a54ea6008d5b508f4d95eb811bd5d7dc50e1c0659d016ab33d966e729
aa7a05956ca47e164a10a94d0bdbe01123b84eb01fad5e581e1e72b10d93d5a9
26547389ff741eeba887fe39ec5f253d6597c03d1ffaf65c007ae5c40d897d5a
SH256 hash:
c96575c29c985d084b6c86214e6f8caf7744dfdc6be16e0735e10d6507eeb858
MD5 hash:
45a5fa9bc4847d72a4ee3e32b236dcf0
SHA1 hash:
b5703726a787fb2a513ca11b840ad118bb6fa65a
Link:
https://www.unpac.me/results/4bbb4b1f-e252-4e29-a543-01166033f8ab/
Parent samples :
54de552295e919218a7d43a1d0114bae169a79a1963113d615fd8bce428b385d
2774262a54ea6008d5b508f4d95eb811bd5d7dc50e1c0659d016ab33d966e729
SH256 hash:
c71cddeb07c8a4d1f4ac0474a0f942118c94382bb1018af183f2987ed70134d0
MD5 hash:
df6cf267bfb480b70c689c87bbf7705d
SHA1 hash:
b0975f5493dfe6ae99d37e858f5d3f64418bd5c9
Link:
https://www.unpac.me/results/4bbb4b1f-e252-4e29-a543-01166033f8ab/
SH256 hash:
de4842a406708fcdb7d85f0fa7a33996d1676f4f6546adad36561de0710f8ec9
MD5 hash:
206882d8dcff1d77a7d4762f7b135c63
SHA1 hash:
a51637f3aa3d4ff8831fd9d1b1666f98942b1ed8
Link:
https://www.unpac.me/results/4bbb4b1f-e252-4e29-a543-01166033f8ab/
SH256 hash:
69e2e00d2984bd1c7bb42b972e43f56d61951a04e00834d05564240ddd198950
MD5 hash:
245c027f35b15118f47fe044c842d3cd
SHA1 hash:
567755f062684e09850321cdeaf95d4e0597dbba
Link:
https://www.unpac.me/results/4bbb4b1f-e252-4e29-a543-01166033f8ab/
Parent samples :
54de552295e919218a7d43a1d0114bae169a79a1963113d615fd8bce428b385d
2774262a54ea6008d5b508f4d95eb811bd5d7dc50e1c0659d016ab33d966e729
SH256 hash:
48d6be0ff082776c566a19459a5963f08d2c4d4a1c947de7a99b07560e236295
MD5 hash:
1ea5ecfbe64e314d9bb062046d5bfb75
SHA1 hash:
3ceeb4ea27ac76da489a55f242faf11ee0a2d2a2
Link:
https://www.unpac.me/results/4bbb4b1f-e252-4e29-a543-01166033f8ab/
Parent samples :
54de552295e919218a7d43a1d0114bae169a79a1963113d615fd8bce428b385d
2774262a54ea6008d5b508f4d95eb811bd5d7dc50e1c0659d016ab33d966e729
SH256 hash:
d430a737d1acdc9c5ffda2cb230d6080cb1c401b635a8e75a2cbd38f1a630f31
MD5 hash:
0c48c053cfaf9154e18e60848f3ccafb
SHA1 hash:
7940cbbfee4fa11c36835a99b742ad1344fbc038
Link:
https://www.unpac.me/results/4bbb4b1f-e252-4e29-a543-01166033f8ab/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/d430a737d1acdc9c5ffda2cb230d6080cb1c401b635a8e75a2cbd38f1a630f31

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pe_imphash
Create hunting rule
Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/183579/

Comments