dcrat | d06b31ccce69bfc88f4de44a28981aaf25bd7bdfba248b5ef2130f7a6cc4d508 | Triage

Submit
Reports

Overview

overview

Static

static

Proton Crypter v2.exe

windows7-x64

1

Proton Crypter v2.exe

windows10-1703-x64

Proton Crypter v2.exe

windows10-2004-x64

Proton Crypter v2.exe

windows11-21h2-x64

Sharing

General

Target

Proton Crypter v2.exe
Size

1.2MB
Sample

220729-j5y2kageal
MD5

4507f6a9c9532c1347a44e1f3f4de2b0
SHA1

9166b6628c4d37182c3abc851cb5ebfce9c18521
SHA256

d06b31ccce69bfc88f4de44a28981aaf25bd7bdfba248b5ef2130f7a6cc4d508
SHA512

507a1cd7483a0be27d8078b1d799dfd2b874ce6295e995702c1aa22c6f3fc5391c6a15357d8b398646d64c7fa38c2d189c1fc18539068948e693b2142bc8adda

Score

10^/10

dcrat purecrypter evasion infostealer loader persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

Proton Crypter v2.exe

Resource

win7-20220718-en

windows7-x64

1 signatures

30 seconds

Behavioral task

behavioral2

Sample

Proton Crypter v2.exe

Resource

win10-20220722-en

dcrat purecrypter evasion infostealer loader persistence rat trojan

windows10-1703-x64

18 signatures

30 seconds

Behavioral task

behavioral3

Sample

Proton Crypter v2.exe

Resource

win10v2004-20220721-en

dcrat evasion infostealer persistence rat trojan

windows10-2004-x64

18 signatures

30 seconds

Behavioral task

behavioral4

Sample

Proton Crypter v2.exe

Resource

win11-20220223-en

windows11-21h2-x64

0 signatures

30 seconds

Malware Config

Targets

- Target
  
  Proton Crypter v2.exe
- Size
  
  1.2MB
- MD5
  
  4507f6a9c9532c1347a44e1f3f4de2b0
- SHA1
  
  9166b6628c4d37182c3abc851cb5ebfce9c18521
- SHA256
  
  d06b31ccce69bfc88f4de44a28981aaf25bd7bdfba248b5ef2130f7a6cc4d508
- SHA512
  
  507a1cd7483a0be27d8078b1d799dfd2b874ce6295e995702c1aa22c6f3fc5391c6a15357d8b398646d64c7fa38c2d189c1fc18539068948e693b2142bc8adda
Score

10^/10

dcrat purecrypter evasion infostealer loader persistence rat trojan
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Detect PureCrypter loader
  loader
- Modifies WinLogon for persistence
  persistence
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- PureCrypter
  PureCrypter is a loader which is intended for downloading and executing additional payloads.
  trojan loader purecrypter
- UAC bypass
  evasion trojan
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Winlogon Helper DLL

Privilege Escalation

Bypass User Account Control

Scheduled Task

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

dcratpurecrypterevasioninfostealerloaderpersistencerattrojan

behavioral3

dcratevasioninfostealerpersistencerattrojan

behavioral4

© 2018-2025

Terms | Privacy