General

  • Target

    DcRat.7z

  • Size

    4.0MB

  • Sample

    241107-df9twawndq

  • MD5

    836c2ae55c1baec789b83fa3d79d23b3

  • SHA1

    359a091da48369e1e8cea6e004826ee25a93b3db

  • SHA256

    68115c6e039363be3b80e416ed462d97f8c763af800237b1fa183cca1180bac5

  • SHA512

    e12f7438545f6615f84e37b81837127aacc79b4aadd3b212702bb662b0f752778ed15d646e8d657b318dfde57d2f893c18831bfb686a0ae1b7d62137c63080be

  • SSDEEP

    98304:ZuPQL6HZ4+zkMgDWby//eWG/mdBMXW3Jx3/EI+e+:Zuz4+zyDWbRL2s

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

Mutex

DcRatMutex_qwqdanchun

Attributes
  • c2_url_file

    https://Pastebin.com/raw/fevFJe98

  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Release/DcRat.exe

    • Size

      12.3MB

    • MD5

      7fce411ea2b74f227489659113960b18

    • SHA1

      543d95b74193a188fe273ce7b065aa177405beb5

    • SHA256

      c73b1ffa39c5843b2ed951ac48350d1deb33db4057341f1dab1ee64ea1a62248

    • SHA512

      42de7bc4a0b47e1053ff3ff52a3f887e56759f81cfa691996a533d769e80f98b3e8dcf869785fce801d9cc7a2bc3d675e2eb832b520846b053d6b07093be2678

    • SSDEEP

      196608:XtfZFB2gaNIsNNNNKmvN8rNNNNNNNNNNHbL7aIXM1B7Z0/3G6tULs8wR:XlT81Bd+3G6

    Score
    10/10
    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Asyncrat family

    • Async RAT payload

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      Release/Plugins/Audio.dll

    • Size

      22KB

    • MD5

      9834bb111cfe8084c4f88b10c246f4b0

    • SHA1

      68fc9f2e8df32a350a56300b3c2bc97f7159c340

    • SHA256

      b843447e46f13e5cddc2d3ccc974fdea22a03a4a393a9310787c56b9f18a4c5d

    • SHA512

      7b7f7b93c2094f8010fc8ee696a16d3fe8190ce79bfa1fa083a4a09d9d9bc187eb5b43ddd4674c3d11ddadca273c4c108a64d5d7316d923ddb2c351d0be556d9

    • SSDEEP

      384:FSRj1EfmW3sHmH+6kBdseXGDfICDzu5RQujuAa04FOkh6:FSRj1N0sHieK/7ouAhRO6

    Score
    1/10
    • Target

      Release/Plugins/Chat.dll

    • Size

      387KB

    • MD5

      485874ca1ca6a970edbf93deacade012

    • SHA1

      d6d94a485d4a43f538d305178408f34c032ece60

    • SHA256

      eb772c641008eb5d441c37095a4e0b395748b0246f187d30a92c9284e56507fd

    • SHA512

      2d49477be64537841de35973575b0f1d3aa44cda9cbe76e3b53fc4d31c8156caa6e1a33af6a60892f912a683b1600a264f256d913ed1a90499796b493ba4aef8

    • SSDEEP

      6144:pX0cZsaB6N83r2y/plBWnxfID/uKNlNQ7fOiLXyCrxO9w+KQqxe/t3y:pkcZBB6NKbBWnxfIvNr4siQqxZ

    Score
    1/10
    • Target

      Release/Plugins/Extra.dll

    • Size

      29KB

    • MD5

      00d372a4d492c46625e6a2bcf98e12f8

    • SHA1

      6663347f6dc00942e32127b4de64a55a348082df

    • SHA256

      df8bc945b8e62b82f31e5eb11f472392130becfcee16fd0832e7ae4f109a427e

    • SHA512

      051bb37839176ec7c22bf3af57ad3a3e162dd833074be2ea6be937663bb9e6a880007d99425debd6a39ebd255131076a84cd128806990bc253aaea385e656931

    • SSDEEP

      768:iYzenGCmW8NtQwcGLKfq5T4iqM60TSZh:ijGvmwRKf6hsT

    Score
    1/10
    • Target

      Release/Plugins/FileManager.dll

    • Size

      32KB

    • MD5

      67f3e90ab8453715362f181b55315e57

    • SHA1

      31b93df1ead2b4abe01234444965398b3fe93be0

    • SHA256

      1a311b860252d4aa0c306d9a4e580c1dce91a7f3a03e289ff02b3d4f59588276

    • SHA512

      6e8fb1d9f5d568376ab15894f1709d5aa0cb467cb34a1aa9ab3f0bfb78af8cfba76cb185cdfc797ba6afd30f88c9bcf79d118efc2999af12e6bbc21debd3a6cd

    • SSDEEP

      384:TEGHWHugXvIgTmm49cj7ddseXGMBNhD8mouIXA4Pcg4PYzMnIqE7GMiBrNelgc:Tb2fN49ydxZyXMXxnIr7GMarNM

    Score
    1/10
    • Target

      Release/Plugins/FileSearcher.dll

    • Size

      277KB

    • MD5

      6d837cc3170240963302c07cdb0cfa06

    • SHA1

      d6aab1c8842ef388a756259f49e97de3caaf2732

    • SHA256

      6ad83748dae28b4f8e6e93c54ff08fdb01c91eb4f510967145852a2c4b64703c

    • SHA512

      baaea2aaaa42d75012c7fcf735b31deb0531e35c7a6a9d93965630a3fa31e8fed836f98a850760eefc253a2ebc001be4c79956efdd6ce51289dd0296cf7c7f1b

    • SSDEEP

      3072:/GFYQ/KZdG6oE1nKSYfTvqCjUKidQTs2pccc9k1DEIWcSCSLeyYcEeI/KQ73Wmbn:/nwLrSYfDjtlAx9k1Aa4pE0

    Score
    1/10
    • Target

      Release/Plugins/Fun.dll

    • Size

      33KB

    • MD5

      4db70bd8aab4b9b62ce8c318db634b21

    • SHA1

      7f5b4b21a021b5fd95702426d97a62222d26520b

    • SHA256

      8b8ecd3edab14d136f3257411e2ff9436ae2eebc96f3613e84abdad0fb0a1f3c

    • SHA512

      78b59c833075b904c404eb860d309dd15c364032154401a910538bde573be90d7057e2ec390d76104b55da8e586660022633f5566950c1e0eea775474a282004

    • SSDEEP

      768:mOx2Xd9ySMAwQnf5vrTh4g7aRLGzx04XF:mOxA3nf5xeRLZM

    Score
    1/10
    • Target

      Release/Plugins/Information.dll

    • Size

      24KB

    • MD5

      3105d5c3eeca8a242e366369bf0f1f45

    • SHA1

      2ad3283dd949848db6ed4a844500d43a373b650b

    • SHA256

      a1a9dd40bcdf20ba208aca0f687fe4bb0a50cc9d62416253d9416400b1cbc9aa

    • SHA512

      66ab935e909bc53f9ab9dccf925dd19cb4160fb5e69249274be1a3a502ea1e8061f044dd92e473e5298f768f30e0455731f52532039e80b9cf507a1012201a98

    • SSDEEP

      384:oFvmkKbpmUGZdseXGvXhDYLuqInXx3McZhRaYzwM3tllsXxMSc:Y+kKb0bZIqInpXZhRtzAxMSc

    Score
    1/10
    • Target

      Release/Plugins/Keylogger.exe

    • Size

      10KB

    • MD5

      29104fc09f07bfe4dbb67b1158c295e4

    • SHA1

      4386610fd26b3c146838fb321626fcf776e2c803

    • SHA256

      4d8c478eb9b6d2128be7d43be944b125700a8f505ef7951679c974617898a03c

    • SHA512

      d72ef8d451cb49ae7af84811f1f2d785390fce36bcfa544505647ab123e506975f5fbd8bdeb17706a497e2a705a5d0aaf6f6058e54dac26724ff8439f3cbf928

    • SSDEEP

      192:jtmcuq6MYDxi4maEYbRzmEsLkTgv5JHTZeJYHcwY7fazhEi:jtlF6MWE9rUhVsL15pZrYylE

    Score
    1/10
    • Target

      Release/Plugins/Logger.dll

    • Size

      26KB

    • MD5

      a77594c93c6b1ae5e13b71df4cb030c0

    • SHA1

      8cd99c7365376445012f16f3fe9f22f0a0fda7bd

    • SHA256

      870507a66814c8eac8d062a9bd77614db8ef1ee81b17a865974d9e07bbd0318b

    • SHA512

      2fe23ae9f06f471c96bd91ec2ee91be69a7ef373d149a1cf9fdc83ac310f8d746ffb998c730588e0f7285bfbbe0709fa5938ccd77b50e53996323aecf5131cc6

    • SSDEEP

      384:xy2nOVC1a1WmAcsH2Co9KPdseXG8iIhDbuLCG4kNmBWuxb87AMFn:xrQ1hNsnPZ1JkQ875n

    Score
    1/10
    • Target

      Release/Plugins/Miscellaneous.dll

    • Size

      80KB

    • MD5

      0c49fa7e8a6191f95a5a411b216b5dfe

    • SHA1

      4476c1694437bcf7feb8eeed609d450a35fa578a

    • SHA256

      0f000db8616abb51a74b8fcf943a693b4c78518634df96b7a4546a870de15076

    • SHA512

      e4bb840a76c3e35dedf13bf1dda421c0cce4db06a043d181ef5bf02ffcb45e05216e4058f4080b46bb1f7f664f198c859c26d41906ecb4de168c2aaf1a36ffd4

    • SSDEEP

      1536:st8eSLHUxdQehszbHLofcV2jNnSe3Oy4kkiRa9Uig5StP197:smHUxdQeas0V2V3Oy4n4a9Uig5Sp7

    Score
    1/10
    • Target

      Release/Plugins/Netstat.dll

    • Size

      24KB

    • MD5

      add261063f3e20f12a77551a91f2c54c

    • SHA1

      96c658d7defd3515585d3b5c02cc0e6167670991

    • SHA256

      e8dfd4a2885084d0463b6c68041b601bb96bbc49962716e88f915edc64a97428

    • SHA512

      0030092a7e75f26ad67ed9d81e641d28d5db62270ccdb455941ec3a5d1c10e7cde4c9fa580f54614e17dbc61d3a1f176e119b1a7fdc93f9b5753ef8962f07512

    • SSDEEP

      384:+rl+bbgmsHmxSRmqe5HPwKRsJGAdseXGOhBReDmYuFCJG0BBF93NNRk+rs25x55j:+wbWGcMqc45L6eC1Bf9Tk+gn8sa

    Score
    1/10
    • Target

      Release/Plugins/Options.dll

    • Size

      373KB

    • MD5

      f623829ff9a5014f398432b4509fb9f8

    • SHA1

      f402bfeee72932b018368d1573b214b81f697536

    • SHA256

      f7a2cf016280a5e7a24a46d6e81a704bfccd6486b35afefc4601a8330895f85f

    • SHA512

      14b83f4d46824dfe804ac3229a354e2957b058db92100be93beddbc22b3b3a3afd4ad9326c4ba8e893836f34775223a797116ef85055636a24b46b7d4459417b

    • SSDEEP

      6144:5PcVUKQh7PTlFOEPDDeXmCIW89LQsgd/mVHeiOA7+Yi4kZd:5EVoVn2Xa9Lad+b+Yi4kr

    Score
    1/10
    • Target

      Release/Plugins/ProcessManager.dll

    • Size

      25KB

    • MD5

      856c461db8d31a410299c90e2d2fda0d

    • SHA1

      6dc8820ce249a75653aa54dbb51a2d752a448f39

    • SHA256

      fe64f6419cc7e3906c42e413bd844655a369fcc15c6ebd99b7951309e279509e

    • SHA512

      23e6baee7c15e09fea41d7f7d15d0a224241bf560e9b5573885fa448bf0560d6b8d22faba36a475bea961fb33f0289ab5229837f0b5d2b7971e50456ac7facbf

    • SSDEEP

      384:HiL3RGwNe7Nm1T33T9OZNA8SwCguRvsPzHdseXGii6ZDWl9UZ5QDBfqFucvAYFYL:HiL3A2eg1L3B7wUvsPT9mcvNYfLn

    Score
    1/10
    • Target

      Release/Plugins/Ransomware.dll

    • Size

      97KB

    • MD5

      1fd1dbefcb19ef46778ae437e82b3bdc

    • SHA1

      7e99fa5bf165f6ca552d5bc150d01c3bf26f7b74

    • SHA256

      fd0387ed6322079b9e95fb853e4ffc683782a221dcc49b740937cd0e173c6fad

    • SHA512

      b990058baef88ef5f415f52414ae01cca45bab6bf3cb1b7ab361509bc00b5ef1d36c262c6605baada07b56bbcf2ffc0d184640c2d0f05f8387069f2435eca137

    • SSDEEP

      1536:hQaxD6uxxNV41T56kDgJp+isYOmvZfi3Oqbh9rzvbVP:Kax2uxxNV41T5lkjvv83OqbjPZP

    Score
    1/10
    • Target

      Release/Plugins/Recovery.dll

    • Size

      1.3MB

    • MD5

      b4762c63cc383eb02cb093eeb88aecf1

    • SHA1

      a3a1fdd8612c63f6d62d5a62915966be8e922ba1

    • SHA256

      ec768f980b651a2fbbbcffb715bcac5214730c02ff21a1a987d6db9cb04f01e1

    • SHA512

      51a9a8665be79a043dafe114d577988d5ab74803ab738d4d7129136372c7e1db4719c83e98c6e3aa7a8374a84cca570b34274d6bf18272906e6504872c514a1e

    • SSDEEP

      24576:obiHpeKuuOcI8FeZ1H9StDW+gmGIX4exF9JdjT:obiHAG9cgymGIX4eBj

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

rat, asyncrat
Score
10/10

behavioral1

asyncrat, default, rat
Score
10/10

behavioral2

asyncrat, rat
Score
10/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10