b6d61b7a6991292dc41fe5e9797f54b3397a2663a154183e9adfeb1999db66b7 | Triage

Resubmissions

11/03/2024, 15:16

240311-snpw1aea3y 3

11/03/2024, 15:15

240311-smwyxsaa63 7

Sharing

Copy URL Twitter E-mail

General

Target

DCRat.rar
Size

12.4MB
Sample

240311-smwyxsaa63
MD5

c2ace8ac6e4acba9a5a4bf20b11f5c1a
SHA1

57b90e157ef47c3f9bc637e388859d0136f22c1f
SHA256

b6d61b7a6991292dc41fe5e9797f54b3397a2663a154183e9adfeb1999db66b7
SHA512

a0c3fbbc5bc9e2c075181031772550fb062b5e2876ad10d61edd279c74762758f3571ef00996c76f883ef5ac1db325260fa9a96fb21731459489cbaa3955f596
SSDEEP

393216:jnc27JVRyjWlN+8RxF3onWkeQ9kcksum6xckXudbe5PX:jnc4JbyPcxly9e8DLWvw65PX

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  DCRat/Bypass_license.bat
- Size
  
  15B
- MD5
  
  09b6a88df7acf3abf502d14080b19cbe
- SHA1
  
  aa4f2abafeed57902c79567d01b0ec1a2de61838
- SHA256
  
  3b5a5f8cbbab77312ce55d1dd8599b24ea660fcec42c4af8760987ae1ecddfe5
- SHA512
  
  fe17f417b7c727b0bf16d4eed3a47229dd01961948ef11322669f64f8c43fb35601752269bbad961de8e29fd2b9f6134ba7f1ddf3e4262b9320f56805ef6a692
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
behavioral1 behavioral2
- Target
  
  DCRat/DCRat.exe
- Size
  
  10.1MB
- MD5
  
  7044c6ebff03d70a3caf0d07b66a6fd0
- SHA1
  
  5ba520de22cc71b4d260c63724ec9786005a2c75
- SHA256
  
  181fdc378c5f5af1b1741e92d27a596bbca97cc99c08d0c4b17dfdb0067e0787
- SHA512
  
  fa8856f7d4a34271ff82b268404310dc23ae84db09e178210fc08e5927a413d1fa0c31cbe3b9a3c2fe69413f8299ac06d56979f183edbb69af7eea9700033b0c
- SSDEEP
  
  196608:lQKgk/l2H3PU5ye6Vp6FGDtcrrQEhyB2Rkdn:Opm8XPUERWFG3ay0Ri
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
behavioral3 behavioral4
- Target
  
  DCRat/dcrat_updservice.exe
- Size
  
  3.6MB
- MD5
  
  2ebba84c4bbe13fdc53c9082918d5969
- SHA1
  
  fc95a94f45468593d1d85544e1928401484256cf
- SHA256
  
  1a232abb03338036811688110b5a6d85b4a7c3fbf83a059db8aa8ed7d6d57e70
- SHA512
  
  29b248bf1b88e0798669fa9aa3bfbe37479a7d5f63c0c70a5d732cf20490c9ab69b811a56a802e223ff769f419f8accb01d7e50b728913e171efd8ea7fcc69b6
- SSDEEP
  
  98304:YRk4EIkn6pNrHJWGs2NyqeoNE/7SRYYJcl:YSd6pJHJack+Yl
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral5 behavioral6
- Target
  
  DCRat/plugins/TestDCLIB/file.dclib
- Size
  
  6KB
- MD5
  
  0b25452a0707f1091bfbd0eee2092b04
- SHA1
  
  c457658c6c49523b9095dabcc11fc426cf99cf36
- SHA256
  
  297f15033b833bb4f41c7933d171561c4b4c278a2253c5d6bcb21a6e3d45a3f5
- SHA512
  
  5f3120280962bdc2c3b4ad932684f4f71e017e6bc92a8a106eea716d0c9b900e3bb492cfbf94657162b79c0928cf1380a0e6765dd20330168e837a95d9d8a8c2
- SSDEEP
  
  96:1jwE3EfTj8Sp+0zsTRBKmSTnqMEGyZ+xhZu9RPUmmtpV:GpzsmDmMEL+5uRsRl
Score

1^/10
behavioral7 behavioral8
- Target
  
  DCRat/plugins/TestDefault/file.vbs
- Size
  
  34B
- MD5
  
  677cc4360477c72cb0ce00406a949c61
- SHA1
  
  b679e8c3427f6c5fc47c8ac46cd0e56c9424de05
- SHA256
  
  f1cccb5ae4aa51d293bd3c7d2a1a04cb7847d22c5db8e05ac64e9a6d7455aa0b
- SHA512
  
  7cfe2cc92f9e659f0a15a295624d611b3363bd01eb5bcf9bc7681ea9b70b0564d192d570d294657c8dc2c93497fa3b4526c975a9bf35d69617c31d9936573c6a
Score

1^/10
behavioral10 behavioral9
- Target
  
  DCRat/updatelauncher.bat
- Size
  
  89B
- MD5
  
  1a6fbac1fe1c64769c3023fcf63ec7c0
- SHA1
  
  7de57187d96221c83af29b50bb5cfed7ff8aca4a
- SHA256
  
  f80ea6a1125249adc6307291c4a1488e40da39ec9cc0b657abb3d1b7b1e8a02b
- SHA512
  
  4287ec23984c198c19b07ff250f237ed15e204c2d77cc025e04fde61e4771f038a4c40f01d944c59d512e60fe17b00df86fd0d36a7a8a4ad70d26fd16648d970
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12