dcrat | 7b525a28909d97e57d16d09c1822b67ba00337765ed77af6f1dd1e96d4afb941 | Triage

Submit
Reports

Overview

overview

Static

static

7b525a2890...41.exe

windows7_x64

7b525a2890...41.exe

windows10-2004_x64

Sharing

General

Target

7b525a28909d97e57d16d09c1822b67ba00337765ed77af6f1dd1e96d4afb941
Size

2.2MB
Sample

220520-2rfxyaahbr
MD5

7666f4f50e25b9c8af50a605b2292170
SHA1

adef3e910f165eb6071767c7b40fd7cf22452cbd
SHA256

7b525a28909d97e57d16d09c1822b67ba00337765ed77af6f1dd1e96d4afb941
SHA512

6b433ffa42d30003fda168a4754dc4aabeef8309a308625816909d52587148650acb05b5ad73251113d4539f09aa2d015213623ace63aa020cd2841d93ebb988

Score

10^/10

dcrat evasion infostealer rat suricata

Static task

static1

Behavioral task

behavioral1

Sample

7b525a28909d97e57d16d09c1822b67ba00337765ed77af6f1dd1e96d4afb941.exe

Resource

win7-20220414-en

dcrat evasion infostealer rat suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

7b525a28909d97e57d16d09c1822b67ba00337765ed77af6f1dd1e96d4afb941.exe

Resource

win10v2004-20220414-en

dcrat evasion infostealer rat suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  7b525a28909d97e57d16d09c1822b67ba00337765ed77af6f1dd1e96d4afb941
- Size
  
  2.2MB
- MD5
  
  7666f4f50e25b9c8af50a605b2292170
- SHA1
  
  adef3e910f165eb6071767c7b40fd7cf22452cbd
- SHA256
  
  7b525a28909d97e57d16d09c1822b67ba00337765ed77af6f1dd1e96d4afb941
- SHA512
  
  6b433ffa42d30003fda168a4754dc4aabeef8309a308625816909d52587148650acb05b5ad73251113d4539f09aa2d015213623ace63aa020cd2841d93ebb988
Score

10^/10

dcrat evasion infostealer rat suricata
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- suricata: ET MALWARE DCRat Initial CnC Activity
  suricata: ET MALWARE DCRat Initial CnC Activity
  suricata
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dcratevasioninfostealerratsuricata

behavioral2

dcratevasioninfostealerratsuricata

© 2018-2024

Terms | Privacy