dcrat

General

Target

file.exe
Size

126KB
Sample

210404-h97javyh26
MD5

fdefd1e361d1020577bf018a5a98040c
SHA1

2d7c4cfa15f4cb29ce95e7a59c3089a081a772a2
SHA256

01cb6ab274dc0ac90192b537a606965d98f03d99c95b3a0e24bc6cad724d42c7
SHA512

adb42dc5cc31b95f6e3d463068d57480acb50c80ce49f4fabd0fa87700dda3d92afe543f2569f2e92077afd0d00869c5cdf24902968050132eccd9a230719378

Score

10^/10

Malware Config

Targets

- Target
  
  file.exe
- Size
  
  126KB
- MD5
  
  fdefd1e361d1020577bf018a5a98040c
- SHA1
  
  2d7c4cfa15f4cb29ce95e7a59c3089a081a772a2
- SHA256
  
  01cb6ab274dc0ac90192b537a606965d98f03d99c95b3a0e24bc6cad724d42c7
- SHA512
  
  adb42dc5cc31b95f6e3d463068d57480acb50c80ce49f4fabd0fa87700dda3d92afe543f2569f2e92077afd0d00869c5cdf24902968050132eccd9a230719378
Score

10^/10

dcrat taurus_stealer xmrig discovery infostealer miner persistence rat spyware stealer trojan
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Taurus Stealer
  Taurus is an infostealer first seen in June 2020.
  trojan stealer taurus_stealer
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Blocklisted process makes network request
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2