dcrat | c50aeeef5c7a0dcbafb2da4b7fa5b983a09fb2e8a84b75072ec7d88457e71826 | Triage

Submit
Reports

Overview

overview

Static

static

51c3cebd8c...f0.exe

windows7-x64

51c3cebd8c...f0.exe

windows10-2004-x64

Sharing

General

Target

51c3cebd8c8fe19e37b68c64218b4c4552aac4c804bd04ed372fd74d52668ff0
Size

1.5MB
Sample

221212-wcbf1seg9x
MD5

d9a4b6ba1ede49f9d7b59dffbbab9d08
SHA1

bc316f82a8d75a1b79e61fc6b226751e97f20b40
SHA256

c50aeeef5c7a0dcbafb2da4b7fa5b983a09fb2e8a84b75072ec7d88457e71826
SHA512

3350ed6576986d3ee6d724b3f36a6f811241cb4ec2be61956d723e5de70564a73497f55e2a91b6d43b484c7f7c1fc5528f8a65930d9808d6bc611f0fc90d9b01
SSDEEP

24576:HpbJdN/DEf2d6cXL83+ogefj2fPPCAIPiyRscPl2g4CkPo6rugwdD2bd:JVAfKbXL83+UjIqF6yRsct9ibrzSD2x

Score

10^/10

dcrat infostealer rat

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

51c3cebd8c8fe19e37b68c64218b4c4552aac4c804bd04ed372fd74d52668ff0.exe

Resource

win7-20220812-en

dcrat infostealer rat

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

51c3cebd8c8fe19e37b68c64218b4c4552aac4c804bd04ed372fd74d52668ff0.exe

Resource

win10v2004-20221111-en

dcrat infostealer rat

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  51c3cebd8c8fe19e37b68c64218b4c4552aac4c804bd04ed372fd74d52668ff0
- Size
  
  2.0MB
- MD5
  
  fc9ea28a3c3659c4200e442d20198458
- SHA1
  
  79ede873cd08d5941e54524dd85b5add0a79bd7c
- SHA256
  
  51c3cebd8c8fe19e37b68c64218b4c4552aac4c804bd04ed372fd74d52668ff0
- SHA512
  
  c2357a0eb6fd31929af57c544be2de14b0daee2a731ec09e586b0ac748b7368ae5a022d0d8dae0ccece0fa860799a0da02405f60d86a963e177508b5e4220a17
- SSDEEP
  
  49152:ubA3jVKbYcU6bWUfj4a7syRO2tzK/RNS/2t:ubjJXj4a4IKJYet
Score

10^/10

dcrat infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Drops file in Drivers directory
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dcratinfostealerrat

behavioral2

dcratinfostealerrat

© 2018-2024

Terms | Privacy