dcrat | 2ab0001a6bb8d5bb1677dd0ef48bc35747f87e3f2df8c0afc0175088a7b0b094 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

2ab0001a6bb8d5bb1677dd0ef48bc35747f87e3f2df8c0afc0175088a7b0b094
Size

1.3MB
Sample

221101-g2819ahgdk
MD5

6e4311ef600f2563bff907479b5874c9
SHA1

1d7b26d7209e6e587e2b481b7f2deda542fb3267
SHA256

2ab0001a6bb8d5bb1677dd0ef48bc35747f87e3f2df8c0afc0175088a7b0b094
SHA512

ed7eb5c047d72a7495ad338d291819503a4ee84666c01f49b91c244c3d8342bd4176a5646f1e83cfa399454a47f6348712950b811a2fd09c4c6b8c05392f6932
SSDEEP

24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score

10^/10

dcrat infostealer rat

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

2ab0001a6bb8d5bb1677dd0ef48bc35747f87e3f2df8c0afc0175088a7b0b094.exe

Resource

win10v2004-20220812-en

dcrat infostealer rat

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  2ab0001a6bb8d5bb1677dd0ef48bc35747f87e3f2df8c0afc0175088a7b0b094
- Size
  
  1.3MB
- MD5
  
  6e4311ef600f2563bff907479b5874c9
- SHA1
  
  1d7b26d7209e6e587e2b481b7f2deda542fb3267
- SHA256
  
  2ab0001a6bb8d5bb1677dd0ef48bc35747f87e3f2df8c0afc0175088a7b0b094
- SHA512
  
  ed7eb5c047d72a7495ad338d291819503a4ee84666c01f49b91c244c3d8342bd4176a5646f1e83cfa399454a47f6348712950b811a2fd09c4c6b8c05392f6932
- SSDEEP
  
  24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Score

10^/10

dcrat infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

dcratinfostealerrat

© 2018-2025

Terms | Privacy