dcrat | f6a307d243c407c27489de37adac83e9205be531cbb4e2cb71545627faf813fd | Triage

Submit
Reports

Overview

overview

Static

static

4ced2056e4...0c.exe

windows7_x64

4ced2056e4...0c.exe

windows10_x64

Resubmissions

11-01-2021 13:09

210111-dlhjyngw66 8

11-01-2021 07:36

210111-xfhgmxjy6n 10

Sharing

General

Target

4ced2056e4efe1c93b9f4adaaeaba20c.exe
Size

607KB
Sample

210111-xfhgmxjy6n
MD5

4ced2056e4efe1c93b9f4adaaeaba20c
SHA1

b975777c42d7d8fb04c34a2efc64dc5e4c574712
SHA256

f6a307d243c407c27489de37adac83e9205be531cbb4e2cb71545627faf813fd
SHA512

014df0ad54bf23335f964fa4e313a91b60b3ea2c62b73a306e973177830b573666aaebc1932cafa766042f34b8e32adcfabe3027aae2cc09341fd138a8963eaf

Score

10^/10

dcrat evasion infostealer rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

4ced2056e4efe1c93b9f4adaaeaba20c.exe

Resource

win7v20201028

dcrat evasion infostealer rat spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

4ced2056e4efe1c93b9f4adaaeaba20c.exe

Resource

win10v20201028

dcrat evasion infostealer rat spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  4ced2056e4efe1c93b9f4adaaeaba20c.exe
- Size
  
  607KB
- MD5
  
  4ced2056e4efe1c93b9f4adaaeaba20c
- SHA1
  
  b975777c42d7d8fb04c34a2efc64dc5e4c574712
- SHA256
  
  f6a307d243c407c27489de37adac83e9205be531cbb4e2cb71545627faf813fd
- SHA512
  
  014df0ad54bf23335f964fa4e313a91b60b3ea2c62b73a306e973177830b573666aaebc1932cafa766042f34b8e32adcfabe3027aae2cc09341fd138a8963eaf
Score

10^/10

dcrat evasion infostealer rat spyware stealer
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- DC Rat Payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dcratevasioninfostealerratspywarestealer

behavioral2

dcratevasioninfostealerratspywarestealer

© 2018-2024

Terms | Privacy