dcrat | 2f690b58687ac6623c3d3d7b289981412a818e2c45e298831629595c4207b3ae | Triage

Submit
Reports

Overview

overview

Static

static

HEUR-Troja...7a.exe

windows7-x64

HEUR-Troja...7a.exe

windows10-2004-x64

Resubmissions

17-01-2023 20:46

230117-zkafgaca5v 10

Sharing

General

Target

HEUR-Trojan-Spy.MSIL.Stealer.gen-2f690b58687a.exe
Size

1.4MB
Sample

230117-zkafgaca5v
MD5

c217831b4900501d6b48d74d3182a1dd
SHA1

3169d82e49dbc9a9c25da8d036a4e3a359237807
SHA256

2f690b58687ac6623c3d3d7b289981412a818e2c45e298831629595c4207b3ae
SHA512

f67b919512b25d93db567001b8819d41f0d080104b81709a69f05989f0cb74882b349fce1b07963831e0b636ffe233d60bd50337d9f04bdef1f7b3142e1f26f4
SSDEEP

24576:2v09hiiQVOpSqI1HghtvzDc5umotAmQyVtJijlEwSZg:I09wh3qI1HOtvzBmyvQwri+

Score

10^/10

dcrat infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

HEUR-Trojan-Spy.MSIL.Stealer.gen-2f690b58687a.exe

Resource

win7-20221111-en

dcrat infostealer rat

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

HEUR-Trojan-Spy.MSIL.Stealer.gen-2f690b58687a.exe

Resource

win10v2004-20220812-en

dcrat infostealer rat

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  HEUR-Trojan-Spy.MSIL.Stealer.gen-2f690b58687a.exe
- Size
  
  1.4MB
- MD5
  
  c217831b4900501d6b48d74d3182a1dd
- SHA1
  
  3169d82e49dbc9a9c25da8d036a4e3a359237807
- SHA256
  
  2f690b58687ac6623c3d3d7b289981412a818e2c45e298831629595c4207b3ae
- SHA512
  
  f67b919512b25d93db567001b8819d41f0d080104b81709a69f05989f0cb74882b349fce1b07963831e0b636ffe233d60bd50337d9f04bdef1f7b3142e1f26f4
- SSDEEP
  
  24576:2v09hiiQVOpSqI1HghtvzDc5umotAmQyVtJijlEwSZg:I09wh3qI1HOtvzBmyvQwri+
Score

10^/10

dcrat infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dcratinfostealerrat

behavioral2

dcratinfostealerrat

© 2018-2024

Terms | Privacy