dcrat | 2ffa712d8f0bd9a4441047edce9e9f28d88ff15d26513b0cdf1925f6df461ecb | Triage

Submit
Reports

Overview

overview

Static

static

2ffa712d8f...cb.exe

windows7-x64

2ffa712d8f...cb.exe

windows10-2004-x64

Sharing

General

Target

2ffa712d8f0bd9a4441047edce9e9f28d88ff15d26513b0cdf1925f6df461ecb
Size

757KB
Sample

230129-1w5w7aee24
MD5

892d94eeae3c0501181abe6f5c07fd11
SHA1

3c4555d758ae1e695436404a5b0b5347447afc96
SHA256

2ffa712d8f0bd9a4441047edce9e9f28d88ff15d26513b0cdf1925f6df461ecb
SHA512

a1c4bcfe4e5118348531ae6c18fdfc3ec3066b193b21c683130b2ea24dc5f9e8bc7212300836af353560eeffbe0a14847e851615d71e0055dced9e455cea359a
SSDEEP

12288:keZM0+7o7YNQxF4WioPJicryGBWECTmvJ52liBXIA5yCJnSr3/35ellbLdV2BQjM:kedfwQ66icoECk52liBXIAMCJnQ3v0lo

Score

10^/10

dcrat infostealer persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

2ffa712d8f0bd9a4441047edce9e9f28d88ff15d26513b0cdf1925f6df461ecb.exe

Resource

win7-20220812-en

dcrat infostealer persistence rat

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

2ffa712d8f0bd9a4441047edce9e9f28d88ff15d26513b0cdf1925f6df461ecb.exe

Resource

win10v2004-20220812-en

dcrat infostealer persistence rat

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  2ffa712d8f0bd9a4441047edce9e9f28d88ff15d26513b0cdf1925f6df461ecb
- Size
  
  757KB
- MD5
  
  892d94eeae3c0501181abe6f5c07fd11
- SHA1
  
  3c4555d758ae1e695436404a5b0b5347447afc96
- SHA256
  
  2ffa712d8f0bd9a4441047edce9e9f28d88ff15d26513b0cdf1925f6df461ecb
- SHA512
  
  a1c4bcfe4e5118348531ae6c18fdfc3ec3066b193b21c683130b2ea24dc5f9e8bc7212300836af353560eeffbe0a14847e851615d71e0055dced9e455cea359a
- SSDEEP
  
  12288:keZM0+7o7YNQxF4WioPJicryGBWECTmvJ52liBXIA5yCJnSr3/35ellbLdV2BQjM:kedfwQ66icoECk52liBXIAMCJnQ3v0lo
Score

10^/10

dcrat infostealer persistence rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dcratinfostealerpersistencerat

behavioral2

dcratinfostealerpersistencerat

© 2018-2024

Terms | Privacy