dcrat | 493a2547e41f5c448e3638a63a91a3b07950202fb912d187688223eb4081483f | Triage

Submit
Reports

Overview

overview

Static

static

ab7fbb991d...d3.exe

windows7_x64

ab7fbb991d...d3.exe

windows10-2004_x64

Sharing

General

Target

ab7fbb991d61dcb9affcb581c459e9d3.exe
Size

2.3MB
Sample

220209-dy7ggahccq
MD5

ab7fbb991d61dcb9affcb581c459e9d3
SHA1

abe33bd69ac60e2a0b06ed8201d41fb430ff518c
SHA256

493a2547e41f5c448e3638a63a91a3b07950202fb912d187688223eb4081483f
SHA512

edca9ae34af65a69c7b157adfcc17579e6cd2bfe80aef9c05cb7c1534d49992e234ba43ba76987d6d22d020cf47e34e32c2c600b09df1ff49f1055a0d7e0b5cb

Score

10^/10

dcrat evasion infostealer persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

ab7fbb991d61dcb9affcb581c459e9d3.exe

Resource

win7-en-20211208

dcrat evasion infostealer persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ab7fbb991d61dcb9affcb581c459e9d3.exe

Resource

win10v2004-en-20220113

dcrat evasion infostealer persistence rat trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  ab7fbb991d61dcb9affcb581c459e9d3.exe
- Size
  
  2.3MB
- MD5
  
  ab7fbb991d61dcb9affcb581c459e9d3
- SHA1
  
  abe33bd69ac60e2a0b06ed8201d41fb430ff518c
- SHA256
  
  493a2547e41f5c448e3638a63a91a3b07950202fb912d187688223eb4081483f
- SHA512
  
  edca9ae34af65a69c7b157adfcc17579e6cd2bfe80aef9c05cb7c1534d49992e234ba43ba76987d6d22d020cf47e34e32c2c600b09df1ff49f1055a0d7e0b5cb
Score

10^/10

dcrat evasion infostealer persistence rat trojan
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Suspicious use of NtCreateProcessExOtherParentProcess
- UAC bypass
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Bypass User Account Control

Scheduled Task

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dcratevasioninfostealerpersistencerattrojan

behavioral2

dcratevasioninfostealerpersistencerattrojan

© 2018-2024

Terms | Privacy