MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fd5460a5bf5fa33337175b1ea11cf6a8194600098363395ef927973001250fad. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DCRat


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fd5460a5bf5fa33337175b1ea11cf6a8194600098363395ef927973001250fad
SHA3-384 hash: 832713c6c992356748b6e9299a490e83080654d46a3d3acac928b0f16e28526a8d54068463a0fa5400784969fed0d2d8
SHA1 hash: 45871f13cd126cc80501232c81b89a3a33b26aff
MD5 hash: 316a273b07bbb61f73758eded4918a79
humanhash: burger-massachusetts-speaker-zulu
File name:316a273b07bbb61f73758eded4918a79.exe
Download: download sample
Signature DCRat
Create hunting rule
File size:175'616 bytes
First seen:2023-02-23 08:59:18 UTC
Last seen:2023-02-23 10:28:00 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 75023d1aaa9742c3badde875bddd15dc (1 x DCRat)
ssdeep 3072:D73rlojEOQTFL7sQ8mAU1grhV/hsn1UptYEeDUvtSjoHFe04bc7:D7WAOQTNL8mkHGFOtSUHic
Threatray 516 similar samples on MalwareBazaar
TLSH T1F304C04723E120F9E1328A39C9A12555D7B6F8260332DF6F4754429A2F27AD1CD3AF72
TrID 48.7% (.EXE) Win64 Executable (generic) (10523/12/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
Reporter abuse_ch
Tags:DCRat exe RAT

Intelligence

File Origin
# of uploads :
2
# of downloads :
246
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
316a273b07bbb61f73758eded4918a79.exe
Verdict:
No threats detected
Analysis date:
2023-02-23 09:22:59 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/caa615be-4427-4d57-b3de-af29a07b1011

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/369221/
Detection(s):
SecuriteInfo.com.Variant.Cerbu.98962.22854.32392.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
DNS request
Sending a custom TCP request
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
asyncrat cerbu greyware meterpreter packed shelma
Link:
https://www.filescan.io/uploads/63f72b1301b99ad33e82d401/reports/e318b255-14a5-40e3-92f0-596271bd59fe/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/fd5460a5bf5fa33337175b1ea11cf6a8194600098363395ef927973001250fad
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Dllhijack
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/42d03c3d-4ac1-4d9f-b523-8cceb34d0321
Result
Threat name:
AsyncRAT, DcRat
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/1181162
Signature
Antivirus / Scanner detection for submitted sample
C2 URLs / IPs found in malware configuration
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AsyncRAT
Yara detected DcRat
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fd5460a5bf5fa33337175b1ea11cf6a8194600098363395ef927973001250fad/
Threat name:
Win64.Backdoor.AsyncRAT
Create hunting rule
Status:
Malicious
First seen:
2023-02-20 11:37:28 UTC
File Type:
PE+ (Exe)
Extracted files:
1
AV detection:
30 of 39 (76.92%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7vkgbjn7l6rtgnyxlmpkchhwvamumaajqnrtsxxze6ltaajfb6wq._file
Verdict:
malicious
Label(s):
asyncrat
Create hunting rule
Similar samples:
29372ef20086423e80fecb84a9ad7980f781433772c6d05f3134037ab819badc
DCRat
b019743a2d8f648bbe2d91149e2b4d368ec619a279930421adc2ce6c50d8c098
DCRat
b73694f482085281fba7fc9176da365d802dc1302f3b9072f72dfbf308474365
DCRat
ba2c8fcdef3c1675e57b94c9a7b04088a68d98110cf1ddf509eae437f731b138
DCRat
cf1de08c2a552617a6e8591a2bd25c72d597854e9564246a700329aa60b08be7
DCRat
d0fef87fd7e5a7214773deef4c445970147c88d5335867b552f9d4d22ef0231b
DCRat
+ 506 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
persistence
Link:
https://tria.ge/reports/230223-kyb4wshb5z/
Behaviour
Suspicious behavior: EnumeratesProcesses
Adds Run key to start application
Unpacked files
SH256 hash:
fd5460a5bf5fa33337175b1ea11cf6a8194600098363395ef927973001250fad
MD5 hash:
316a273b07bbb61f73758eded4918a79
SHA1 hash:
45871f13cd126cc80501232c81b89a3a33b26aff
Link:
https://www.unpac.me/results/22275d3e-e8e9-456e-81ba-ae2042f3493e/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fd5460a5bf5fa33337175b1ea11cf6a8194600098363395ef927973001250fad

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/369221/

Comments