Overview
overview: 10
static: 10
Release/DcRat.exe, windows7-x64: 10
Release/DcRat.exe, windows10-2004-x64: 10
Release/Pl...io.dll, windows7-x64: 1
Release/Pl...io.dll, windows10-2004-x64: 1
Release/Pl...at.dll, windows7-x64: 1
Release/Pl...at.dll, windows10-2004-x64: 1
Release/Pl...ra.dll, windows7-x64: 1
Release/Pl...ra.dll, windows10-2004-x64: 1
Release/Pl...er.dll, windows7-x64: 1
Release/Pl...er.dll, windows10-2004-x64: 1
Release/Pl...er.dll, windows7-x64: 1
Release/Pl...er.dll, windows10-2004-x64: 1
Release/Pl...un.dll, windows7-x64: 1
Release/Pl...un.dll, windows10-2004-x64: 1
Release/Pl...on.dll, windows7-x64: 1
Release/Pl...on.dll, windows10-2004-x64: 1
Release/Pl...er.exe, windows7-x64: 1
Release/Pl...er.exe, windows10-2004-x64: 1
Release/Pl...er.dll, windows7-x64: 1
Release/Pl...er.dll, windows10-2004-x64: 1
Release/Pl...us.dll, windows7-x64: 1
Release/Pl...us.dll, windows10-2004-x64: 1
Release/Pl...at.dll, windows7-x64: 1
Release/Pl...at.dll, windows10-2004-x64: 1
Release/Pl...ns.dll, windows7-x64: 1
Release/Pl...ns.dll, windows10-2004-x64: 1
Release/Pl...er.dll, windows7-x64: 1
Release/Pl...er.dll, windows10-2004-x64: 1
Release/Pl...re.dll, windows7-x64: 1
Release/Pl...re.dll, windows10-2004-x64: 1
Release/Pl...ry.dll, windows7-x64: 1
Release/Pl...ry.dll, windows10-2004-x64: 1
General
-
Target
DcRat.7z
-
Size
4.0MB
-
Sample
241107-df9twawndq
-
MD5
836c2ae55c1baec789b83fa3d79d23b3
-
SHA1
359a091da48369e1e8cea6e004826ee25a93b3db
-
SHA256
68115c6e039363be3b80e416ed462d97f8c763af800237b1fa183cca1180bac5
-
SHA512
e12f7438545f6615f84e37b81837127aacc79b4aadd3b212702bb662b0f752778ed15d646e8d657b318dfde57d2f893c18831bfb686a0ae1b7d62137c63080be
-
SSDEEP
98304:ZuPQL6HZ4+zkMgDWby//eWG/mdBMXW3Jx3/EI+e+:Zuz4+zyDWbRL2s
Behavioral task
behavioral1
Sample
Release/DcRat.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Release/DcRat.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
Release/Plugins/Audio.dll
Resource
win7-20240708-en
Behavioral task
behavioral4
Sample
Release/Plugins/Audio.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
Release/Plugins/Chat.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
Release/Plugins/Chat.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
Release/Plugins/Extra.dll
Resource
win7-20241023-en
Behavioral task
behavioral8
Sample
Release/Plugins/Extra.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
Release/Plugins/FileManager.dll
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
Release/Plugins/FileManager.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
Release/Plugins/FileSearcher.dll
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
Release/Plugins/FileSearcher.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
Release/Plugins/Fun.dll
Resource
win7-20241010-en
Behavioral task
behavioral14
Sample
Release/Plugins/Fun.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
Release/Plugins/Information.dll
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
Release/Plugins/Information.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
Release/Plugins/Keylogger.exe
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
Release/Plugins/Keylogger.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
Release/Plugins/Logger.dll
Resource
win7-20240708-en
Behavioral task
behavioral20
Sample
Release/Plugins/Logger.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
Release/Plugins/Miscellaneous.dll
Resource
win7-20241023-en
Behavioral task
behavioral22
Sample
Release/Plugins/Miscellaneous.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
Release/Plugins/Netstat.dll
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
Release/Plugins/Netstat.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
Release/Plugins/Options.dll
Resource
win7-20241010-en
Behavioral task
behavioral26
Sample
Release/Plugins/Options.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
Release/Plugins/ProcessManager.dll
Resource
win7-20240903-en
Behavioral task
behavioral28
Sample
Release/Plugins/ProcessManager.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
Release/Plugins/Ransomware.dll
Resource
win7-20240903-en
Behavioral task
behavioral30
Sample
Release/Plugins/Ransomware.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
Release/Plugins/Recovery.dll
Resource
win7-20240903-en
Behavioral task
behavioral32
Sample
Release/Plugins/Recovery.dll
Resource
win10v2004-20241007-en
Malware Config
Extracted
asyncrat
1.0.7
Default
DcRatMutex_qwqdanchun
-
c2_url_file
https://Pastebin.com/raw/fevFJe98
-
delay
1
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
Release/DcRat.exe
-
Size
12.3MB
-
MD5
7fce411ea2b74f227489659113960b18
-
SHA1
543d95b74193a188fe273ce7b065aa177405beb5
-
SHA256
c73b1ffa39c5843b2ed951ac48350d1deb33db4057341f1dab1ee64ea1a62248
-
SHA512
42de7bc4a0b47e1053ff3ff52a3f887e56759f81cfa691996a533d769e80f98b3e8dcf869785fce801d9cc7a2bc3d675e2eb832b520846b053d6b07093be2678
-
SSDEEP
196608:XtfZFB2gaNIsNNNNKmvN8rNNNNNNNNNNHbL7aIXM1B7Z0/3G6tULs8wR:XlT81Bd+3G6
-
Asyncrat family
-
Async RAT payload
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
Release/Plugins/Audio.dll
-
Size
22KB
-
MD5
9834bb111cfe8084c4f88b10c246f4b0
-
SHA1
68fc9f2e8df32a350a56300b3c2bc97f7159c340
-
SHA256
b843447e46f13e5cddc2d3ccc974fdea22a03a4a393a9310787c56b9f18a4c5d
-
SHA512
7b7f7b93c2094f8010fc8ee696a16d3fe8190ce79bfa1fa083a4a09d9d9bc187eb5b43ddd4674c3d11ddadca273c4c108a64d5d7316d923ddb2c351d0be556d9
-
SSDEEP
384:FSRj1EfmW3sHmH+6kBdseXGDfICDzu5RQujuAa04FOkh6:FSRj1N0sHieK/7ouAhRO6
-
Score
1/10
-
-
Target
Release/Plugins/Chat.dll
-
Size
387KB
-
MD5
485874ca1ca6a970edbf93deacade012
-
SHA1
d6d94a485d4a43f538d305178408f34c032ece60
-
SHA256
eb772c641008eb5d441c37095a4e0b395748b0246f187d30a92c9284e56507fd
-
SHA512
2d49477be64537841de35973575b0f1d3aa44cda9cbe76e3b53fc4d31c8156caa6e1a33af6a60892f912a683b1600a264f256d913ed1a90499796b493ba4aef8
-
SSDEEP
6144:pX0cZsaB6N83r2y/plBWnxfID/uKNlNQ7fOiLXyCrxO9w+KQqxe/t3y:pkcZBB6NKbBWnxfIvNr4siQqxZ
-
Score
1/10
-
-
Target
Release/Plugins/Extra.dll
-
Size
29KB
-
MD5
00d372a4d492c46625e6a2bcf98e12f8
-
SHA1
6663347f6dc00942e32127b4de64a55a348082df
-
SHA256
df8bc945b8e62b82f31e5eb11f472392130becfcee16fd0832e7ae4f109a427e
-
SHA512
051bb37839176ec7c22bf3af57ad3a3e162dd833074be2ea6be937663bb9e6a880007d99425debd6a39ebd255131076a84cd128806990bc253aaea385e656931
-
SSDEEP
768:iYzenGCmW8NtQwcGLKfq5T4iqM60TSZh:ijGvmwRKf6hsT
-
Score
1/10
-
-
Target
Release/Plugins/FileManager.dll
-
Size
32KB
-
MD5
67f3e90ab8453715362f181b55315e57
-
SHA1
31b93df1ead2b4abe01234444965398b3fe93be0
-
SHA256
1a311b860252d4aa0c306d9a4e580c1dce91a7f3a03e289ff02b3d4f59588276
-
SHA512
6e8fb1d9f5d568376ab15894f1709d5aa0cb467cb34a1aa9ab3f0bfb78af8cfba76cb185cdfc797ba6afd30f88c9bcf79d118efc2999af12e6bbc21debd3a6cd
-
SSDEEP
384:TEGHWHugXvIgTmm49cj7ddseXGMBNhD8mouIXA4Pcg4PYzMnIqE7GMiBrNelgc:Tb2fN49ydxZyXMXxnIr7GMarNM
-
Score
1/10
-
-
Target
Release/Plugins/FileSearcher.dll
-
Size
277KB
-
MD5
6d837cc3170240963302c07cdb0cfa06
-
SHA1
d6aab1c8842ef388a756259f49e97de3caaf2732
-
SHA256
6ad83748dae28b4f8e6e93c54ff08fdb01c91eb4f510967145852a2c4b64703c
-
SHA512
baaea2aaaa42d75012c7fcf735b31deb0531e35c7a6a9d93965630a3fa31e8fed836f98a850760eefc253a2ebc001be4c79956efdd6ce51289dd0296cf7c7f1b
-
SSDEEP
3072:/GFYQ/KZdG6oE1nKSYfTvqCjUKidQTs2pccc9k1DEIWcSCSLeyYcEeI/KQ73Wmbn:/nwLrSYfDjtlAx9k1Aa4pE0
-
Score
1/10
-
-
Target
Release/Plugins/Fun.dll
-
Size
33KB
-
MD5
4db70bd8aab4b9b62ce8c318db634b21
-
SHA1
7f5b4b21a021b5fd95702426d97a62222d26520b
-
SHA256
8b8ecd3edab14d136f3257411e2ff9436ae2eebc96f3613e84abdad0fb0a1f3c
-
SHA512
78b59c833075b904c404eb860d309dd15c364032154401a910538bde573be90d7057e2ec390d76104b55da8e586660022633f5566950c1e0eea775474a282004
-
SSDEEP
768:mOx2Xd9ySMAwQnf5vrTh4g7aRLGzx04XF:mOxA3nf5xeRLZM
-
Score
1/10
-
-
Target
Release/Plugins/Information.dll
-
Size
24KB
-
MD5
3105d5c3eeca8a242e366369bf0f1f45
-
SHA1
2ad3283dd949848db6ed4a844500d43a373b650b
-
SHA256
a1a9dd40bcdf20ba208aca0f687fe4bb0a50cc9d62416253d9416400b1cbc9aa
-
SHA512
66ab935e909bc53f9ab9dccf925dd19cb4160fb5e69249274be1a3a502ea1e8061f044dd92e473e5298f768f30e0455731f52532039e80b9cf507a1012201a98
-
SSDEEP
384:oFvmkKbpmUGZdseXGvXhDYLuqInXx3McZhRaYzwM3tllsXxMSc:Y+kKb0bZIqInpXZhRtzAxMSc
-
Score
1/10
-
-
Target
Release/Plugins/Keylogger.exe
-
Size
10KB
-
MD5
29104fc09f07bfe4dbb67b1158c295e4
-
SHA1
4386610fd26b3c146838fb321626fcf776e2c803
-
SHA256
4d8c478eb9b6d2128be7d43be944b125700a8f505ef7951679c974617898a03c
-
SHA512
d72ef8d451cb49ae7af84811f1f2d785390fce36bcfa544505647ab123e506975f5fbd8bdeb17706a497e2a705a5d0aaf6f6058e54dac26724ff8439f3cbf928
-
SSDEEP
192:jtmcuq6MYDxi4maEYbRzmEsLkTgv5JHTZeJYHcwY7fazhEi:jtlF6MWE9rUhVsL15pZrYylE
-
Score
1/10
-
-
Target
Release/Plugins/Logger.dll
-
Size
26KB
-
MD5
a77594c93c6b1ae5e13b71df4cb030c0
-
SHA1
8cd99c7365376445012f16f3fe9f22f0a0fda7bd
-
SHA256
870507a66814c8eac8d062a9bd77614db8ef1ee81b17a865974d9e07bbd0318b
-
SHA512
2fe23ae9f06f471c96bd91ec2ee91be69a7ef373d149a1cf9fdc83ac310f8d746ffb998c730588e0f7285bfbbe0709fa5938ccd77b50e53996323aecf5131cc6
-
SSDEEP
384:xy2nOVC1a1WmAcsH2Co9KPdseXG8iIhDbuLCG4kNmBWuxb87AMFn:xrQ1hNsnPZ1JkQ875n
-
Score
1/10
-
-
Target
Release/Plugins/Miscellaneous.dll
-
Size
80KB
-
MD5
0c49fa7e8a6191f95a5a411b216b5dfe
-
SHA1
4476c1694437bcf7feb8eeed609d450a35fa578a
-
SHA256
0f000db8616abb51a74b8fcf943a693b4c78518634df96b7a4546a870de15076
-
SHA512
e4bb840a76c3e35dedf13bf1dda421c0cce4db06a043d181ef5bf02ffcb45e05216e4058f4080b46bb1f7f664f198c859c26d41906ecb4de168c2aaf1a36ffd4
-
SSDEEP
1536:st8eSLHUxdQehszbHLofcV2jNnSe3Oy4kkiRa9Uig5StP197:smHUxdQeas0V2V3Oy4n4a9Uig5Sp7
-
Score
1/10
-
-
Target
Release/Plugins/Netstat.dll
-
Size
24KB
-
MD5
add261063f3e20f12a77551a91f2c54c
-
SHA1
96c658d7defd3515585d3b5c02cc0e6167670991
-
SHA256
e8dfd4a2885084d0463b6c68041b601bb96bbc49962716e88f915edc64a97428
-
SHA512
0030092a7e75f26ad67ed9d81e641d28d5db62270ccdb455941ec3a5d1c10e7cde4c9fa580f54614e17dbc61d3a1f176e119b1a7fdc93f9b5753ef8962f07512
-
SSDEEP
384:+rl+bbgmsHmxSRmqe5HPwKRsJGAdseXGOhBReDmYuFCJG0BBF93NNRk+rs25x55j:+wbWGcMqc45L6eC1Bf9Tk+gn8sa
-
Score
1/10
-
-
Target
Release/Plugins/Options.dll
-
Size
373KB
-
MD5
f623829ff9a5014f398432b4509fb9f8
-
SHA1
f402bfeee72932b018368d1573b214b81f697536
-
SHA256
f7a2cf016280a5e7a24a46d6e81a704bfccd6486b35afefc4601a8330895f85f
-
SHA512
14b83f4d46824dfe804ac3229a354e2957b058db92100be93beddbc22b3b3a3afd4ad9326c4ba8e893836f34775223a797116ef85055636a24b46b7d4459417b
-
SSDEEP
6144:5PcVUKQh7PTlFOEPDDeXmCIW89LQsgd/mVHeiOA7+Yi4kZd:5EVoVn2Xa9Lad+b+Yi4kr
-
Score
1/10
-
-
Target
Release/Plugins/ProcessManager.dll
-
Size
25KB
-
MD5
856c461db8d31a410299c90e2d2fda0d
-
SHA1
6dc8820ce249a75653aa54dbb51a2d752a448f39
-
SHA256
fe64f6419cc7e3906c42e413bd844655a369fcc15c6ebd99b7951309e279509e
-
SHA512
23e6baee7c15e09fea41d7f7d15d0a224241bf560e9b5573885fa448bf0560d6b8d22faba36a475bea961fb33f0289ab5229837f0b5d2b7971e50456ac7facbf
-
SSDEEP
384:HiL3RGwNe7Nm1T33T9OZNA8SwCguRvsPzHdseXGii6ZDWl9UZ5QDBfqFucvAYFYL:HiL3A2eg1L3B7wUvsPT9mcvNYfLn
-
Score
1/10
-
-
Target
Release/Plugins/Ransomware.dll
-
Size
97KB
-
MD5
1fd1dbefcb19ef46778ae437e82b3bdc
-
SHA1
7e99fa5bf165f6ca552d5bc150d01c3bf26f7b74
-
SHA256
fd0387ed6322079b9e95fb853e4ffc683782a221dcc49b740937cd0e173c6fad
-
SHA512
b990058baef88ef5f415f52414ae01cca45bab6bf3cb1b7ab361509bc00b5ef1d36c262c6605baada07b56bbcf2ffc0d184640c2d0f05f8387069f2435eca137
-
SSDEEP
1536:hQaxD6uxxNV41T56kDgJp+isYOmvZfi3Oqbh9rzvbVP:Kax2uxxNV41T5lkjvv83OqbjPZP
-
Score
1/10
-
-
Target
Release/Plugins/Recovery.dll
-
Size
1.3MB
-
MD5
b4762c63cc383eb02cb093eeb88aecf1
-
SHA1
a3a1fdd8612c63f6d62d5a62915966be8e922ba1
-
SHA256
ec768f980b651a2fbbbcffb715bcac5214730c02ff21a1a987d6db9cb04f01e1
-
SHA512
51a9a8665be79a043dafe114d577988d5ab74803ab738d4d7129136372c7e1db4719c83e98c6e3aa7a8374a84cca570b34274d6bf18272906e6504872c514a1e
-
SSDEEP
24576:obiHpeKuuOcI8FeZ1H9StDW+gmGIX4exF9JdjT:obiHAG9cgymGIX4eBj
-
Score
1/10