dcrat | 09342b36eeaad27a94f1fd6817bf161cf1c9194709ce8fe869afccd4239f4db3 | Triage

Submit
Reports

Overview

overview

Static

static

UDS-Trojan...d2.exe

windows7-x64

UDS-Trojan...d2.exe

windows10-2004-x64

Sharing

General

Target

UDS-Trojan-PSW.MSIL.Tepfer.gen-09342b36eeaad2.exe
Size

2.4MB
Sample

230117-r76hesdh2v
MD5

b8ebe55c83b79c2f0c4c15ac4ec8c3a0
SHA1

c13137e3bfb16f61e5c69f60248be578bdd70551
SHA256

09342b36eeaad27a94f1fd6817bf161cf1c9194709ce8fe869afccd4239f4db3
SHA512

93778d19151b28cfea617ca64e707d43a6bcb342bb502ea2e9723200f71a2f26cea3f1f128e7252528eb586e85eb35b47b08afd58056aaf1c84fdd29a57feb9b
SSDEEP

49152:ubA34q6DjV16+6mCoG4HWT9TV6fsmLp3nfw9heL5fE3zdbg1NG:ubRDjV1x6mCoPYofsy9wvg5fgzd0HG

Score

10^/10

dcrat infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

UDS-Trojan-PSW.MSIL.Tepfer.gen-09342b36eeaad2.exe

Resource

win7-20220901-en

dcrat infostealer rat

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

UDS-Trojan-PSW.MSIL.Tepfer.gen-09342b36eeaad2.exe

Resource

win10v2004-20221111-en

dcrat infostealer rat

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  UDS-Trojan-PSW.MSIL.Tepfer.gen-09342b36eeaad2.exe
- Size
  
  2.4MB
- MD5
  
  b8ebe55c83b79c2f0c4c15ac4ec8c3a0
- SHA1
  
  c13137e3bfb16f61e5c69f60248be578bdd70551
- SHA256
  
  09342b36eeaad27a94f1fd6817bf161cf1c9194709ce8fe869afccd4239f4db3
- SHA512
  
  93778d19151b28cfea617ca64e707d43a6bcb342bb502ea2e9723200f71a2f26cea3f1f128e7252528eb586e85eb35b47b08afd58056aaf1c84fdd29a57feb9b
- SSDEEP
  
  49152:ubA34q6DjV16+6mCoG4HWT9TV6fsmLp3nfw9heL5fE3zdbg1NG:ubRDjV1x6mCoPYofsy9wvg5fgzd0HG
Score

10^/10

dcrat infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dcratinfostealerrat

behavioral2

dcratinfostealerrat

© 2018-2024

Terms | Privacy