dcrat | 5b74fabd26372fb02de33316f41adba1dd5d9e0c84961699cf2f9a475729b598 | Triage

Submit
Reports

Overview

overview

Static

static

8

5b74fabd26...98.exe

windows7_x64

5b74fabd26...98.exe

windows10-2004_x64

Sharing

General

Target

5b74fabd26372fb02de33316f41adba1dd5d9e0c84961699cf2f9a475729b598
Size

2.1MB
Sample

220520-3ay8magee5
MD5

cd41c9fd80fc79506911ae3a97676eb6
SHA1

8a53a31dabf4c6bc373d6d83b75723e1eae1a384
SHA256

5b74fabd26372fb02de33316f41adba1dd5d9e0c84961699cf2f9a475729b598
SHA512

6d1657a837906d61d1a48fea8b1397bdbf638954981b4f519a4ba62ef27ba974467d886832d4b56ff09029193553bb21cc48af37c3111391734c0030e5cb443a

Score

10^/10

dcrat evasion infostealer rat suricata upx

Static task

static1

Behavioral task

behavioral1

Sample

5b74fabd26372fb02de33316f41adba1dd5d9e0c84961699cf2f9a475729b598.exe

Resource

win7-20220414-en

dcrat evasion infostealer rat suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

5b74fabd26372fb02de33316f41adba1dd5d9e0c84961699cf2f9a475729b598.exe

Resource

win10v2004-20220414-en

dcrat evasion infostealer rat suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  5b74fabd26372fb02de33316f41adba1dd5d9e0c84961699cf2f9a475729b598
- Size
  
  2.1MB
- MD5
  
  cd41c9fd80fc79506911ae3a97676eb6
- SHA1
  
  8a53a31dabf4c6bc373d6d83b75723e1eae1a384
- SHA256
  
  5b74fabd26372fb02de33316f41adba1dd5d9e0c84961699cf2f9a475729b598
- SHA512
  
  6d1657a837906d61d1a48fea8b1397bdbf638954981b4f519a4ba62ef27ba974467d886832d4b56ff09029193553bb21cc48af37c3111391734c0030e5cb443a
Score

10^/10

dcrat evasion infostealer rat suricata
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- suricata: ET MALWARE DCRat Initial CnC Activity
  suricata: ET MALWARE DCRat Initial CnC Activity
  suricata
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dcratevasioninfostealerratsuricata

behavioral2

dcratevasioninfostealerratsuricata

© 2018-2024

Terms | Privacy