dcrat | 1c727f37816d073ee277ef1fd45a449ba5b877a3f96add64bb052d50b69de81d | Triage

Submit
Reports

Overview

overview

Static

static

ﱞﱞﱞ�...ﱞﱞ

windows10_x64

ﱞﱞﱞ�...ฺฺ

windows10_x64

ﱞﱞﱞ�...ﱞﱞ

windows10_x64

ﱞﱞﱞ�...ﱞﱞ

windows10_x64

ﱞﱞﱞ�...ﱞﱞ

windows7_x64

1

Resubmissions

21-04-2021 18:06

210421-67ta5keqaa 10

21-04-2021 18:02

210421-f5gwj58ryj 10

Sharing

General

Target

Rouzzzey.7z
Size

17.1MB
Sample

210421-67ta5keqaa
MD5

ad251dc50433cd8de777ff5cd9fcfd0c
SHA1

badaca6896ac49d890ad3d2b9a7a2887d3f74591
SHA256

1c727f37816d073ee277ef1fd45a449ba5b877a3f96add64bb052d50b69de81d
SHA512

413cf9c661d4179455e8379b8ff42fe195ff98f703916151579fa304f076b83abb28296a6f5adc9bdf92607e60c4541a1c6edcbc6d96e50e7cbd245b71f463c1

Score

10^/10

dcrat infostealer persistence rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

dashdV.exe

Resource

win10v20210410

dcrat infostealer persistence rat spyware stealer

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

dashdV.exe

Resource

win10v20210408

dcrat infostealer persistence rat spyware stealer

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

dashdV.exe

Resource

win10v20210410

dcrat infostealer persistence rat spyware stealer

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral4

Sample

dashdV.exe

Resource

win10v20210410

dcrat infostealer persistence rat spyware stealer

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral5

Sample

dashdV.exe

Resource

win7v20210410

windows7_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  dashdV.exe
- Size
  
  17.1MB
- MD5
  
  765f570a565d578f2ace3ccb41cef038
- SHA1
  
  89b44e3aa8f3c93f80ae29f7a36a9486b080229d
- SHA256
  
  0d7c515d3483b45d5725717070e8497435c39b3450af59194b2a32a33c2867e8
- SHA512
  
  941862a1d09e70725f9826b05dc8a8c7442add91229f39ac7ea9d4e6b8d0f751d749ac6b6ac2202290122945e14bab06516680a7007598af7cca62ac1b465898
Score

10^/10

dcrat infostealer persistence rat spyware stealer
- DCrat
  DarkCrystalrat.
  rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Modifies WinLogon for persistence
  persistence
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1 behavioral2 behavioral3 behavioral4 behavioral5

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dcratinfostealerpersistenceratspywarestealer

behavioral2

dcratinfostealerpersistenceratspywarestealer

behavioral3

dcratinfostealerpersistenceratspywarestealer

behavioral4

dcratinfostealerpersistenceratspywarestealer

behavioral5

© 2018-2024

Terms | Privacy