MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dd0dc7ad62d2a66b164ba36dc395ab67466fcd519ceaffd62ccebf5ddb60a340. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

DCRat

Vendor detections: 16

Intelligence 16 IOCs YARA File information Comments 1

SHA256 hash:	dd0dc7ad62d2a66b164ba36dc395ab67466fcd519ceaffd62ccebf5ddb60a340
SHA3-384 hash:	b6959b17757deba27d46adbae24a896887b2087a81f16d99877d22d1a4a8db0e82d02e377ef95e70325c7e3d970badbd
SHA1 hash:	7d67cf9ab7f48aa349e92bfef3dce7fc960ee7ad
MD5 hash:	ea35b0859a343c66e692a216e3f64835
humanhash:	sink-arkansas-vegan-hamper
File name:	0x0006000000023232-196
Download:	download sample
Signature	DCRat Create hunting rule
File size:	2'362'880 bytes
First seen:	2023-12-30 10:56:07 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'607 x Formbook, 12'242 x SnakeKeylogger)
ssdeep	24576:oTBtcKbmAfpW2eIIsgpeipCjT2Dr9RwjpFDXdWvZOcbbNj4N2fUuBk87cr5TfToI:ol+KbmAR7O3peyL8
TLSH	T135B58D95BF95F7E2DD441BFC8812168A4F26E7B55E08030B1069E6DFEF234D09A0EDA1
TrID	40.4% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13) 31.8% (.CPL) Windows Control Panel Item (generic) (57583/11/19) 7.2% (.SCR) Windows screen saver (13097/50/3) 5.8% (.EXE) Win64 Executable (generic) (10523/12/4) 3.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
Reporter	e24111111111111
Tags:	DCRat exe

Intelligence

File Origin

# of uploads :

# of downloads :

289

Origin country :

Vendor Threat Intelligence

Malware family:

asyncrat

ID:

File name:

d0d8566e5537f7d1c749632eafdd9475e89ca672376dba56055815538d80f2aa.exe

Verdict:

Malicious activity

Analysis date:

2023-12-30 11:14:12 UTC

Tags:

asyncrat

Link:

https://app.any.run/tasks/c3ba2abb-c8ca-48e0-9a68-d58cf18f7405

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection(s):

Sanesecurity.Malware.29669.UNOFFICIAL

Win.Malware.Generickdz-9865912-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Сreating synchronization primitives

Creating a window

DNS request

Sending a custom TCP request

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-debug anti-vm configsecuritypolicy confuserex evasive hacktool lolbin mpcmdrun msconfig net njrat rat regedit replace

Link:

https://www.filescan.io/uploads/658ff77f10642636b38b59f5/reports/c830cd5c-1589-45e1-be3f-4dba5479d837/overview

Verdict:

Malicious

Labled as:

Trojan.Generic

Link:

https://www.hybrid-analysis.com/sample/dd0dc7ad62d2a66b164ba36dc395ab67466fcd519ceaffd62ccebf5ddb60a340

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

AsyncRAT

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/a72c076b-f1d6-4cdb-886d-f275efbfa9eb

Result

Threat name:

AsyncRAT, DcRat

Detection:

malicious

Classification:

troj.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1368238

Signature

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)

Detected unpacking (changes PE section rights)

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Protects its processes via BreakOnTermination flag

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Yara detected AsyncRAT

Yara detected DcRat

Behaviour

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/dd0dc7ad62d2a66b164ba36dc395ab67466fcd519ceaffd62ccebf5ddb60a340

Detection:

dcrat

Link:

https://mwdb.cert.pl/sample/dd0dc7ad62d2a66b164ba36dc395ab67466fcd519ceaffd62ccebf5ddb60a340/

Threat name:

ByteCode-MSIL.Backdoor.AsyncRAT

Status:

Malicious

First seen:

2023-05-19 12:41:17 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

20 of 23 (86.96%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=3ug4pllc2ktgwfslunw4hfnlm5dg7tkrttvp7vrmz27v3w3aunaa._file

Result

Malware family:

asyncrat

Score:

10/10

Tags:

family:asyncrat rat

Link:

https://tria.ge/reports/231230-m19t2sddfp/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Async RAT payload

AsyncRat

Unpacked files

SH256 hash:

dd0dc7ad62d2a66b164ba36dc395ab67466fcd519ceaffd62ccebf5ddb60a340

MD5 hash:

ea35b0859a343c66e692a216e3f64835

SHA1 hash:

7d67cf9ab7f48aa349e92bfef3dce7fc960ee7ad

Detections:

DCRat

INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice

SUSP_NET_NAME_ConfuserEx

INDICATOR_SUSPICIOUS_EXE_DcRatBy

INDICATOR_SUSPICIOUS_EXE_B64_Artifacts

Link:

https://www.unpac.me/results/2022f5b1-dd85-42a4-8c8b-629b5988247a/

Parent samples :

dd0dc7ad62d2a66b164ba36dc395ab67466fcd519ceaffd62ccebf5ddb60a340
d0d8566e5537f7d1c749632eafdd9475e89ca672376dba56055815538d80f2aa
80c91ecaab6a6a6a7a8cb3df47b111f031ea41beab9f8b8386f4c1bc8d18ff21
994ea35144e43c0074f6d60ccff844cc70d0a2b34ad9b583a7316e17aec94e2f

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/dd0dc7ad62d2a66b164ba36dc395ab67466fcd519ceaffd62ccebf5ddb60a340

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

Kasibe commented on 2023-12-30 12:00:35 UTC

AsyncRAT