General
-
Target
Dc Rat Cracked+Activated_install.exe
-
Size
12.1MB
-
Sample
230218-xwkz8sdb97
-
MD5
f00412c3ee8f146d7558348e910deed9
-
SHA1
d5d51ac94ea123cfdd57def46b81562ea98c4cff
-
SHA256
70825ba5a90d571a78e8acae635d5dd2b8c6cd2703598adb94f99db55f3c696a
-
SHA512
ac6f52e43bdb26a2a43b266d9aa8f0340ba3eca37a74b484208dc1c6f582c0ee1bab68df570b3d57b046111335dc02ac7c91f26ac963c2dd3dbd71cbb8d64608
-
SSDEEP
196608:VgTatkAKz1y4UgLLPcaJlscK/Vze5E5Dv6+QP8IlJh+xnem2BTeFjab5lhdI1z:VGb1yzCLEaJp2IEZv6+Ah+xnq4Gb5lI
Static task
static1
Behavioral task
behavioral1
Sample
Dc Rat Cracked+Activated_install.exe
Resource
win7-20220812-en
Malware Config
Extracted
asyncrat
1.0.7
Default
verynice.ddns.net:8848
DcRatMutex_qwqdanchun
-
delay
1
-
install
true
-
install_file
WindowsDefender.exe
-
install_folder
%Temp%
Targets
-
-
Target
Dc Rat Cracked+Activated_install.exe
-
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-