General
-
Target
DcRat.zip
-
Size
6.3MB
-
Sample
241202-yzsd6azrgw
-
MD5
6b5246ddc575e3f7ca0242ba81910425
-
SHA1
5ad6cf004ed9137bb83ebdb8ae2ec20470446d1c
-
SHA256
64127c3e92e08691e9b2ba7f7bc3513b98328ce514d645ae85565cb9563961bc
-
SHA512
45790518c7c0e8af10fe95ce64d5f825b2f055164fd696fb28c5dede450f5aa42cc4df77d425aca274367e7b6ba244d361df2b7d50e3b1846361639c1cd90995
-
SSDEEP
98304:ylcQo9b/QZjeMrTgWilAwhySLYTfU8MGcgK80jWvzQvtHKvUOO89NSuRM:yv3Zj3TQlAdIYTfU8MGcHQUVKse9PRM
Malware Config
Extracted
asyncrat
1.0.7
Default
31.220.90.137:8848
DcRatMutex_qwqdanchun
-
delay
1
-
install
true
-
install_file
Desktop Window Manager.exe
-
install_folder
%Temp%
Targets
-
-
Target
DcRat.zip
-
Size
6.3MB
-
MD5
6b5246ddc575e3f7ca0242ba81910425
-
SHA1
5ad6cf004ed9137bb83ebdb8ae2ec20470446d1c
-
SHA256
64127c3e92e08691e9b2ba7f7bc3513b98328ce514d645ae85565cb9563961bc
-
SHA512
45790518c7c0e8af10fe95ce64d5f825b2f055164fd696fb28c5dede450f5aa42cc4df77d425aca274367e7b6ba244d361df2b7d50e3b1846361639c1cd90995
-
SSDEEP
98304:ylcQo9b/QZjeMrTgWilAwhySLYTfU8MGcgK80jWvzQvtHKvUOO89NSuRM:yv3Zj3TQlAdIYTfU8MGcHQUVKse9PRM
Score10/10-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
-
Asyncrat family
-
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
-
-
Target
BackupCertificate.zip
-
Size
1KB
-
MD5
67ed09071131cdb37d818eb28eec4aeb
-
SHA1
42a0936b6a3cbeb4c22b059eea719c194d617130
-
SHA256
f9dfd2411ad346b9b7fd9f719b4ab9b698a1e6930ef8b0166cbc5163d528b07e
-
SHA512
0bb4722a08070675059b095d9755ffbaadfa1f5ee358ea016b10a0891b025a1df5b4db8213d3e17d8e63402322f890f842d9ce6ef1463672da5eeac24c808a3c
Score1/10 -
-
-
Target
ServerCertificate.p12
-
Size
1KB
-
MD5
fd7325f2ee4701b301b32f334ea68f6b
-
SHA1
7b6fb952296069aa735573f4040aedb5fe42b21b
-
SHA256
ae005aa9e6bc53ffbce04c90f5160124cc6944d2959f1e1a46e3d7626d9cb5a6
-
SHA512
6d1fac63a963ce8c680aae2462ee406b6c370949e64061cc7c8925bc8c928d52b51173e977327ff1b093d68492f3ea2fe6e1be08f38876edf46873912906a654
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
-
-
Target
DcRat.exe
-
Size
5.0MB
-
MD5
9a2706b014494988041a7cd721dc2e77
-
SHA1
5ca23535cb0abe9b1e5ca5466cf49323d62f1b78
-
SHA256
9fa9476e19afbc0b9a022a568fe765b793f4966e7e0e0910a2fd07a21a8d848d
-
SHA512
0c884f57267e478b131fe07b87ed41d6727fd678bd74c7e8b75de61f13f0365c185649453772cb7fefee96ddccb2d51b4d1a52edf551ea34faec1aa06ebbfdab
-
SSDEEP
98304:ya4YLGi2jelUpj0d7+k1pGlW5j6cZoEMHAh8qreWpOEnGFPHHLbqV:ynYrksv1p7ZZoEMgxtpORFHPA
Score10/10-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
-
Asyncrat family
-
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
-
-
Target
DcRat.exe.config
-
Size
5KB
-
MD5
f8806ec6bcfeda3bfaab9821506ef15c
-
SHA1
ede84267e6df98f8c60ecdb72a1546013cb4ba3b
-
SHA256
dc698c4a2c1b33a2e449f4f4c8ef6058c325b4125584a70b71efde05715b78e7
-
SHA512
2617bd0917f5de770c06adec6484ffd2b34406e6708c67929192531bd95eed9e216825909f610573dd6bbef64870c6a7c5801d9d201c0d98010fc634b8f28477
-
SSDEEP
96:ur71Y7KO7KTrO0BGiv4273I2TpV6RVIAIUAv0np9V0BGivi4273I2TpV6RUGoKSX:ur7S7x7kralLI2GoKS/pv7sJ+J/qJvS
Score1/10 -
-
-
Target
Plugins/Audio.dll
-
Size
22KB
-
MD5
9834bb111cfe8084c4f88b10c246f4b0
-
SHA1
68fc9f2e8df32a350a56300b3c2bc97f7159c340
-
SHA256
b843447e46f13e5cddc2d3ccc974fdea22a03a4a393a9310787c56b9f18a4c5d
-
SHA512
7b7f7b93c2094f8010fc8ee696a16d3fe8190ce79bfa1fa083a4a09d9d9bc187eb5b43ddd4674c3d11ddadca273c4c108a64d5d7316d923ddb2c351d0be556d9
-
SSDEEP
384:FSRj1EfmW3sHmH+6kBdseXGDfICDzu5RQujuAa04FOkh6:FSRj1N0sHieK/7ouAhRO6
Score1/10 -
-
-
Target
Plugins/Chat.dll
-
Size
387KB
-
MD5
485874ca1ca6a970edbf93deacade012
-
SHA1
d6d94a485d4a43f538d305178408f34c032ece60
-
SHA256
eb772c641008eb5d441c37095a4e0b395748b0246f187d30a92c9284e56507fd
-
SHA512
2d49477be64537841de35973575b0f1d3aa44cda9cbe76e3b53fc4d31c8156caa6e1a33af6a60892f912a683b1600a264f256d913ed1a90499796b493ba4aef8
-
SSDEEP
6144:pX0cZsaB6N83r2y/plBWnxfID/uKNlNQ7fOiLXyCrxO9w+KQqxe/t3y:pkcZBB6NKbBWnxfIvNr4siQqxZ
Score1/10 -
-
-
Target
Plugins/Extra.dll
-
Size
29KB
-
MD5
00d372a4d492c46625e6a2bcf98e12f8
-
SHA1
6663347f6dc00942e32127b4de64a55a348082df
-
SHA256
df8bc945b8e62b82f31e5eb11f472392130becfcee16fd0832e7ae4f109a427e
-
SHA512
051bb37839176ec7c22bf3af57ad3a3e162dd833074be2ea6be937663bb9e6a880007d99425debd6a39ebd255131076a84cd128806990bc253aaea385e656931
-
SSDEEP
768:iYzenGCmW8NtQwcGLKfq5T4iqM60TSZh:ijGvmwRKf6hsT
Score1/10 -
-
-
Target
Plugins/FileManager.dll
-
Size
32KB
-
MD5
67f3e90ab8453715362f181b55315e57
-
SHA1
31b93df1ead2b4abe01234444965398b3fe93be0
-
SHA256
1a311b860252d4aa0c306d9a4e580c1dce91a7f3a03e289ff02b3d4f59588276
-
SHA512
6e8fb1d9f5d568376ab15894f1709d5aa0cb467cb34a1aa9ab3f0bfb78af8cfba76cb185cdfc797ba6afd30f88c9bcf79d118efc2999af12e6bbc21debd3a6cd
-
SSDEEP
384:TEGHWHugXvIgTmm49cj7ddseXGMBNhD8mouIXA4Pcg4PYzMnIqE7GMiBrNelgc:Tb2fN49ydxZyXMXxnIr7GMarNM
Score1/10 -
-
-
Target
Plugins/FileSearcher.dll
-
Size
277KB
-
MD5
6d837cc3170240963302c07cdb0cfa06
-
SHA1
d6aab1c8842ef388a756259f49e97de3caaf2732
-
SHA256
6ad83748dae28b4f8e6e93c54ff08fdb01c91eb4f510967145852a2c4b64703c
-
SHA512
baaea2aaaa42d75012c7fcf735b31deb0531e35c7a6a9d93965630a3fa31e8fed836f98a850760eefc253a2ebc001be4c79956efdd6ce51289dd0296cf7c7f1b
-
SSDEEP
3072:/GFYQ/KZdG6oE1nKSYfTvqCjUKidQTs2pccc9k1DEIWcSCSLeyYcEeI/KQ73Wmbn:/nwLrSYfDjtlAx9k1Aa4pE0
Score1/10 -
-
-
Target
Plugins/Fun.dll
-
Size
33KB
-
MD5
4db70bd8aab4b9b62ce8c318db634b21
-
SHA1
7f5b4b21a021b5fd95702426d97a62222d26520b
-
SHA256
8b8ecd3edab14d136f3257411e2ff9436ae2eebc96f3613e84abdad0fb0a1f3c
-
SHA512
78b59c833075b904c404eb860d309dd15c364032154401a910538bde573be90d7057e2ec390d76104b55da8e586660022633f5566950c1e0eea775474a282004
-
SSDEEP
768:mOx2Xd9ySMAwQnf5vrTh4g7aRLGzx04XF:mOxA3nf5xeRLZM
Score1/10 -
-
-
Target
Plugins/Information.dll
-
Size
24KB
-
MD5
3105d5c3eeca8a242e366369bf0f1f45
-
SHA1
2ad3283dd949848db6ed4a844500d43a373b650b
-
SHA256
a1a9dd40bcdf20ba208aca0f687fe4bb0a50cc9d62416253d9416400b1cbc9aa
-
SHA512
66ab935e909bc53f9ab9dccf925dd19cb4160fb5e69249274be1a3a502ea1e8061f044dd92e473e5298f768f30e0455731f52532039e80b9cf507a1012201a98
-
SSDEEP
384:oFvmkKbpmUGZdseXGvXhDYLuqInXx3McZhRaYzwM3tllsXxMSc:Y+kKb0bZIqInpXZhRtzAxMSc
Score1/10 -
-
-
Target
Plugins/Keylogger.exe
-
Size
10KB
-
MD5
29104fc09f07bfe4dbb67b1158c295e4
-
SHA1
4386610fd26b3c146838fb321626fcf776e2c803
-
SHA256
4d8c478eb9b6d2128be7d43be944b125700a8f505ef7951679c974617898a03c
-
SHA512
d72ef8d451cb49ae7af84811f1f2d785390fce36bcfa544505647ab123e506975f5fbd8bdeb17706a497e2a705a5d0aaf6f6058e54dac26724ff8439f3cbf928
-
SSDEEP
192:jtmcuq6MYDxi4maEYbRzmEsLkTgv5JHTZeJYHcwY7fazhEi:jtlF6MWE9rUhVsL15pZrYylE
Score1/10 -
-
-
Target
Plugins/Logger.dll
-
Size
26KB
-
MD5
a77594c93c6b1ae5e13b71df4cb030c0
-
SHA1
8cd99c7365376445012f16f3fe9f22f0a0fda7bd
-
SHA256
870507a66814c8eac8d062a9bd77614db8ef1ee81b17a865974d9e07bbd0318b
-
SHA512
2fe23ae9f06f471c96bd91ec2ee91be69a7ef373d149a1cf9fdc83ac310f8d746ffb998c730588e0f7285bfbbe0709fa5938ccd77b50e53996323aecf5131cc6
-
SSDEEP
384:xy2nOVC1a1WmAcsH2Co9KPdseXG8iIhDbuLCG4kNmBWuxb87AMFn:xrQ1hNsnPZ1JkQ875n
Score1/10 -
-
-
Target
Plugins/Miscellaneous.dll
-
Size
80KB
-
MD5
0c49fa7e8a6191f95a5a411b216b5dfe
-
SHA1
4476c1694437bcf7feb8eeed609d450a35fa578a
-
SHA256
0f000db8616abb51a74b8fcf943a693b4c78518634df96b7a4546a870de15076
-
SHA512
e4bb840a76c3e35dedf13bf1dda421c0cce4db06a043d181ef5bf02ffcb45e05216e4058f4080b46bb1f7f664f198c859c26d41906ecb4de168c2aaf1a36ffd4
-
SSDEEP
1536:st8eSLHUxdQehszbHLofcV2jNnSe3Oy4kkiRa9Uig5StP197:smHUxdQeas0V2V3Oy4n4a9Uig5Sp7
Score1/10 -
-
-
Target
Plugins/Netstat.dll
-
Size
24KB
-
MD5
add261063f3e20f12a77551a91f2c54c
-
SHA1
96c658d7defd3515585d3b5c02cc0e6167670991
-
SHA256
e8dfd4a2885084d0463b6c68041b601bb96bbc49962716e88f915edc64a97428
-
SHA512
0030092a7e75f26ad67ed9d81e641d28d5db62270ccdb455941ec3a5d1c10e7cde4c9fa580f54614e17dbc61d3a1f176e119b1a7fdc93f9b5753ef8962f07512
-
SSDEEP
384:+rl+bbgmsHmxSRmqe5HPwKRsJGAdseXGOhBReDmYuFCJG0BBF93NNRk+rs25x55j:+wbWGcMqc45L6eC1Bf9Tk+gn8sa
Score1/10 -
-
-
Target
Plugins/Options.dll
-
Size
373KB
-
MD5
f623829ff9a5014f398432b4509fb9f8
-
SHA1
f402bfeee72932b018368d1573b214b81f697536
-
SHA256
f7a2cf016280a5e7a24a46d6e81a704bfccd6486b35afefc4601a8330895f85f
-
SHA512
14b83f4d46824dfe804ac3229a354e2957b058db92100be93beddbc22b3b3a3afd4ad9326c4ba8e893836f34775223a797116ef85055636a24b46b7d4459417b
-
SSDEEP
6144:5PcVUKQh7PTlFOEPDDeXmCIW89LQsgd/mVHeiOA7+Yi4kZd:5EVoVn2Xa9Lad+b+Yi4kr
Score1/10 -
-
-
Target
Plugins/ProcessManager.dll
-
Size
25KB
-
MD5
856c461db8d31a410299c90e2d2fda0d
-
SHA1
6dc8820ce249a75653aa54dbb51a2d752a448f39
-
SHA256
fe64f6419cc7e3906c42e413bd844655a369fcc15c6ebd99b7951309e279509e
-
SHA512
23e6baee7c15e09fea41d7f7d15d0a224241bf560e9b5573885fa448bf0560d6b8d22faba36a475bea961fb33f0289ab5229837f0b5d2b7971e50456ac7facbf
-
SSDEEP
384:HiL3RGwNe7Nm1T33T9OZNA8SwCguRvsPzHdseXGii6ZDWl9UZ5QDBfqFucvAYFYL:HiL3A2eg1L3B7wUvsPT9mcvNYfLn
Score1/10 -
-
-
Target
Plugins/Ransomware.dll
-
Size
97KB
-
MD5
1fd1dbefcb19ef46778ae437e82b3bdc
-
SHA1
7e99fa5bf165f6ca552d5bc150d01c3bf26f7b74
-
SHA256
fd0387ed6322079b9e95fb853e4ffc683782a221dcc49b740937cd0e173c6fad
-
SHA512
b990058baef88ef5f415f52414ae01cca45bab6bf3cb1b7ab361509bc00b5ef1d36c262c6605baada07b56bbcf2ffc0d184640c2d0f05f8387069f2435eca137
-
SSDEEP
1536:hQaxD6uxxNV41T56kDgJp+isYOmvZfi3Oqbh9rzvbVP:Kax2uxxNV41T5lkjvv83OqbjPZP
Score1/10 -
-
-
Target
Plugins/Recovery.dll
-
Size
1.3MB
-
MD5
b4762c63cc383eb02cb093eeb88aecf1
-
SHA1
a3a1fdd8612c63f6d62d5a62915966be8e922ba1
-
SHA256
ec768f980b651a2fbbbcffb715bcac5214730c02ff21a1a987d6db9cb04f01e1
-
SHA512
51a9a8665be79a043dafe114d577988d5ab74803ab738d4d7129136372c7e1db4719c83e98c6e3aa7a8374a84cca570b34274d6bf18272906e6504872c514a1e
-
SSDEEP
24576:obiHpeKuuOcI8FeZ1H9StDW+gmGIX4exF9JdjT:obiHAG9cgymGIX4eBj
Score1/10 -
-
-
Target
Plugins/Regedit.dll
-
Size
279KB
-
MD5
2d7aef122e60ce2180c58b8ed9efc2ab
-
SHA1
a389ca6f93f0d963ee7156e7a5f95684cdf5fdae
-
SHA256
39324c7593b5dd64bbbf75fc6ae108721ed211b404f16542a0d475b4623ffeb6
-
SHA512
a6baec7ab964823e881e839242fcc6a1062ae5f442db52d6366e5c2fe212f0113b3d8050ce50ea447eb2c8e7f3987ba225b75cc5b8279fc4daea683baf933482
-
SSDEEP
3072:UzAqsjXBXBqf6ura3Rx7+HHgmIKxUI0oWFcgboxW5d5qkuoXxweMSfb/F0:yuRRtL2HgmmoscZW5qj6weMSJ
Score1/10 -
-
-
Target
Plugins/RemoteCamera.dll
-
Size
107KB
-
MD5
2835c05dc7f763c60b2126a490dfa23e
-
SHA1
9948a0361110b385b5bd8669964749476db85748
-
SHA256
d324ec3d6d125a819f1f06b157f176b8148bd3fce0fd688fefa65cae5b0eb63c
-
SHA512
754c123cf6df42196df835078ea74e9e6e2fdf62676a0075cf5c4a2ff9839b14b609db8962af84d108385e2b7493ed46be821f0c63ea83e316fd236537fc47a0
-
SSDEEP
3072:5OFFLLddftQGkkeeMMyDRRHHZZzmf7oQTLuxkyqIpQkosaYuYmBBvU83p+d3:4FFLLddfBkkeeMMyDRRHHZZzq/IpQkoX
Score1/10 -
-
-
Target
Plugins/RemoteDesktop.dll
-
Size
34KB
-
MD5
3baefe634abb75130635ce5e06758f62
-
SHA1
d820a0e6e7b7379bc864b90dad2eaea43419f6f8
-
SHA256
518fd63c51d5599ab3f578718735ea43550705a3cd53f6c2782203005bc1f1c3
-
SHA512
b545643fd9ddebdabd1e9379886357194a9ad4919a5c8874c5ce8eaf71634228f7e75b97bec1f4ae67b2b8ad9695c465248a9d1b1366266fe011c661c5b34c8e
-
SSDEEP
768:zgkUHv6PH412Z9z9kqTwwXT/PP1ne1e749:znbZXXTVj/PP1ne1q+
Score1/10 -
-
-
Target
Plugins/SendFile.dll
-
Size
26KB
-
MD5
04545a1371ebf983f37bdac5684506f1
-
SHA1
09e53e4eef4c4c91fd3d053d291196aeac7356ed
-
SHA256
54a25baff557db5c79e3cc342368adfcfd9ab2ea9908343a4f6a6267258007d1
-
SHA512
b35d12f164cb18ec8a5a5931fa2d8324cc1a5e8e3136d1033c2df3d26e8b037f238bf095f0f9b21e453100e9cd37219fc2732589b388b68de5ca48064b946264
-
SSDEEP
384:auDs6RbLDm9jJ5AftugdseXG88nhiU7eugRZAhrcvlMdBNI2qIcidq4jkcEjI+aF:f1969jJ5KugTDvYQvG22TdPH3lEi
Score1/10 -
-
-
Target
Plugins/SendMemory.dll
-
Size
27KB
-
MD5
b2f6f7137b96e5f97516f27e1c252943
-
SHA1
09a9c48d6b9009e9a1639414da89334d96544507
-
SHA256
123fb77ea70cd48298a95cb84464e9cfd57c125828592d63941a04ea5ff91e4e
-
SHA512
80f6add4537d5f05362ba140d420f4a840f6a4dcc10f61302c5dfd86f9559b9827a6913a28334fe804fd0555af4aa99fba9fc1614fb1c9ec938780432b37fd39
-
SSDEEP
384:go7mTJ92TmR0EMZadseXGUDfhD0uQ5MZm412CqDjbAFUYZE5xWfNxTa52p85:goiTJ9NOVa9pX1/mYZE5xWl5g2pO
Score1/10 -
-
-
Target
ServerCertificate.p12
-
Size
1KB
-
MD5
fd7325f2ee4701b301b32f334ea68f6b
-
SHA1
7b6fb952296069aa735573f4040aedb5fe42b21b
-
SHA256
ae005aa9e6bc53ffbce04c90f5160124cc6944d2959f1e1a46e3d7626d9cb5a6
-
SHA512
6d1fac63a963ce8c680aae2462ee406b6c370949e64061cc7c8925bc8c928d52b51173e977327ff1b093d68492f3ea2fe6e1be08f38876edf46873912906a654
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
-
-
Target
Stub/Client.exe
-
Size
45KB
-
MD5
c007eafb83bde10955e1fb1f559a207e
-
SHA1
5dcf9702941e41c01fc0a8379df21a5691fa1b5f
-
SHA256
f003f20a3f57d41c72f2874a889a7a2a8e396a57f42cce35fbed9869c6a01964
-
SHA512
cd25e388f06a313fb35abb7fc66d1f01c3df18a9ae01e9e2a8d005f44a749d8151650f01d32af83dc23e09ec3b3a6ce3e5a33c8bc1a32c883f848445714fbba6
-
SSDEEP
768:+x6KCL3NdW2rIRpOHet/P5+/dSicaKe1Vvgc0WpmE1I5JVc6KN:+x6bNan5+MicaKe1VH0iX8JVclN
Score10/10-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
-
Asyncrat family
-
-
-
Target
project2.dll
-
Size
105KB
-
MD5
daf19666fb0cf84d78d9ae197d5113ef
-
SHA1
17f5093bdf7420378a60f7e8673dd882a7d03b7d
-
SHA256
f36f305cf9821ac0a36bfd1bba41e471f551facbfa69027ee18e09233a9db090
-
SHA512
da39898c1c84bac285f2c3d8c6ffed2eccbe19a786e8420df33de7b695cee534a587ef730c3d3b4ab5061ed2560da9ef949546102d51218e11eb0bcbd60b052d
-
SSDEEP
3072:m7yxRlwDqBQ2RkqEnoan6UoGCQqsSW1FEu1k:PQh/OwR1k
Score3/10 -