dcrat | 27ce70fee0c8e0e90e20dfd2f1e2db5d5a13b8857be1dfd2142f04ab77bc6510 | Triage

Submit
Reports

Overview

overview

Static

static

qbsubf8fng...01.doc

windows7_x64

qbsubf8fng...01.doc

windows10_x64

1

Sharing

General

Target

qbsubf8fng_AGOSTO_DOC21408001.doc
Size

1.4MB
Sample

210416-b4hjz3m7c2
MD5

53a47a7554872f55e5d4cf09d9598b20
SHA1

6d8d37d0cdbfb96d79eb69e05766ee40393fcd63
SHA256

27ce70fee0c8e0e90e20dfd2f1e2db5d5a13b8857be1dfd2142f04ab77bc6510
SHA512

f8764308302ec4088ba5c2f6ea8efc06de66e771932d42a22b449fcfb32b3afc5fdf98a7417291cbef36cfcdbbf494b3983faa03bef43c3bb9c16a1bfb796f19

Score

10^/10

dcrat diamondfox botnet discovery infostealer rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

qbsubf8fng_AGOSTO_DOC21408001.doc

Resource

win7v20210410

dcrat diamondfox botnet discovery infostealer rat spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

qbsubf8fng_AGOSTO_DOC21408001.doc

Resource

win10v20210408

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  qbsubf8fng_AGOSTO_DOC21408001.doc
- Size
  
  1.4MB
- MD5
  
  53a47a7554872f55e5d4cf09d9598b20
- SHA1
  
  6d8d37d0cdbfb96d79eb69e05766ee40393fcd63
- SHA256
  
  27ce70fee0c8e0e90e20dfd2f1e2db5d5a13b8857be1dfd2142f04ab77bc6510
- SHA512
  
  f8764308302ec4088ba5c2f6ea8efc06de66e771932d42a22b449fcfb32b3afc5fdf98a7417291cbef36cfcdbbf494b3983faa03bef43c3bb9c16a1bfb796f19
Score

10^/10

dcrat diamondfox botnet discovery infostealer rat spyware stealer
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- DiamondFox
  DiamondFox is a multipurpose botnet with many capabilities.
  botnet stealer diamondfox
- DiamondFox payload
  Detects DiamondFox payload in file/memory.
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Blocklisted process makes network request
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dcratdiamondfoxbotnetdiscoveryinfostealerratspywarestealer

behavioral2

© 2018-2025

Terms | Privacy