dcrat

General

Target

7490255525c33c151cc6d02921bdf40977a0960117f01da08b2ba95c6b2449cc
Size

2.4MB
Sample

220520-1bnr6sghcq
MD5

09ef660d260d8822449a0e0a86a04ce8
SHA1

784357b7d2c201ba9f6bf2e60fb22b2ba006053a
SHA256

7490255525c33c151cc6d02921bdf40977a0960117f01da08b2ba95c6b2449cc
SHA512

c1a91badfdf4dbdb85ba716d980667e743df30e15d9e36590daa5b256a6b0838705b1cffaf96cddd96db4b6917c7f6adacc9c0b684e3b0ea9a183b78cd21d1aa

Score

10^/10

Malware Config

Targets

- Target
  
  7490255525c33c151cc6d02921bdf40977a0960117f01da08b2ba95c6b2449cc
- Size
  
  2.4MB
- MD5
  
  09ef660d260d8822449a0e0a86a04ce8
- SHA1
  
  784357b7d2c201ba9f6bf2e60fb22b2ba006053a
- SHA256
  
  7490255525c33c151cc6d02921bdf40977a0960117f01da08b2ba95c6b2449cc
- SHA512
  
  c1a91badfdf4dbdb85ba716d980667e743df30e15d9e36590daa5b256a6b0838705b1cffaf96cddd96db4b6917c7f6adacc9c0b684e3b0ea9a183b78cd21d1aa
Score

10^/10

dcrat infostealer persistence rat suricata evasion
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- suricata: ET MALWARE DCRat Initial CnC Activity
  suricata: ET MALWARE DCRat Initial CnC Activity
  suricata
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

suricata: ET MALWARE DCRat Initial CnC Activity

Disables Task Manager via registry modification

Executes dropped EXE

Checks computer location settings

Drops startup file

Loads dropped DLL

Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2