Overview

overview

10

Static

static

10

DcRat.7z

windows10-ltsc 2021-x64

10

DcRat.7z

windows11-21h2-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    DcRat.7z

  • Size

    4.0MB

  • Sample

    241231-atg48swjgq

  • MD5

    836c2ae55c1baec789b83fa3d79d23b3

  • SHA1

    359a091da48369e1e8cea6e004826ee25a93b3db

  • SHA256

    68115c6e039363be3b80e416ed462d97f8c763af800237b1fa183cca1180bac5

  • SHA512

    e12f7438545f6615f84e37b81837127aacc79b4aadd3b212702bb662b0f752778ed15d646e8d657b318dfde57d2f893c18831bfb686a0ae1b7d62137c63080be

  • SSDEEP

    98304:ZuPQL6HZ4+zkMgDWby//eWG/mdBMXW3Jx3/EI+e+:Zuz4+zyDWbRL2s

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

127.0.0.1:8848

127.0.0.1:9003
Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      DcRat.7z

    • Size

      4.0MB

    • MD5

      836c2ae55c1baec789b83fa3d79d23b3

    • SHA1

      359a091da48369e1e8cea6e004826ee25a93b3db

    • SHA256

      68115c6e039363be3b80e416ed462d97f8c763af800237b1fa183cca1180bac5

    • SHA512

      e12f7438545f6615f84e37b81837127aacc79b4aadd3b212702bb662b0f752778ed15d646e8d657b318dfde57d2f893c18831bfb686a0ae1b7d62137c63080be

    • SSDEEP

      98304:ZuPQL6HZ4+zkMgDWby//eWG/mdBMXW3Jx3/EI+e+:Zuz4+zyDWbRL2s

    Score
    10/10
    asyncratdefaultrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Asyncrat family

      asyncrat

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • Async RAT payload

      rat

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks