dcrat | 1c635c50e917e031fe5798285a270fb847b06b5aa248b3f956c7abf84af91fab | Triage

Submit
Reports

Overview

overview

Static

static

1c635c50e9...ab.exe

windows7_x64

1c635c50e9...ab.exe

windows10-2004_x64

Sharing

General

Target

1c635c50e917e031fe5798285a270fb847b06b5aa248b3f956c7abf84af91fab
Size

3.3MB
Sample

220520-1wjc7aeda3
MD5

cbc2e658197bf5061a0c8fca10ebb0e3
SHA1

aeff21358b16e27e52241e505bc01f563d7cbd68
SHA256

1c635c50e917e031fe5798285a270fb847b06b5aa248b3f956c7abf84af91fab
SHA512

c1580bba44de40cf81b133bf6bd09e04f80e401942928b1167edf101c6d50c42de654e32134a4017d2f31f110fbdc6bb7e73f0dccca5ceb94efa00bd5d1a46b0

Score

10^/10

dcrat evasion infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

1c635c50e917e031fe5798285a270fb847b06b5aa248b3f956c7abf84af91fab.exe

Resource

win7-20220414-en

dcrat evasion infostealer rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

1c635c50e917e031fe5798285a270fb847b06b5aa248b3f956c7abf84af91fab.exe

Resource

win10v2004-20220414-en

dcrat evasion infostealer rat

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  1c635c50e917e031fe5798285a270fb847b06b5aa248b3f956c7abf84af91fab
- Size
  
  3.3MB
- MD5
  
  cbc2e658197bf5061a0c8fca10ebb0e3
- SHA1
  
  aeff21358b16e27e52241e505bc01f563d7cbd68
- SHA256
  
  1c635c50e917e031fe5798285a270fb847b06b5aa248b3f956c7abf84af91fab
- SHA512
  
  c1580bba44de40cf81b133bf6bd09e04f80e401942928b1167edf101c6d50c42de654e32134a4017d2f31f110fbdc6bb7e73f0dccca5ceb94efa00bd5d1a46b0
Score

10^/10

dcrat evasion infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dcratevasioninfostealerrat

behavioral2

dcratevasioninfostealerrat

© 2018-2024

Terms | Privacy