dcrat | 4a8208bf9f396c802e85052dcec8f7640368941b3ad6aa575de3e1f4bfcfc3df | Triage

Submit
Reports

Overview

overview

Static

static

4a8208bf9f...df.exe

windows7-x64

4a8208bf9f...df.exe

windows10-2004-x64

Sharing

General

Target

4a8208bf9f396c802e85052dcec8f7640368941b3ad6aa575de3e1f4bfcfc3df
Size

574KB
Sample

230129-v1gghagh4z
MD5

b5a28a29823b875076ccca3344499426
SHA1

cf51bddf543b5b3570e43d7eb83d201309da36a3
SHA256

4a8208bf9f396c802e85052dcec8f7640368941b3ad6aa575de3e1f4bfcfc3df
SHA512

e9a648701f6612c1f5f0956d226282b5af26beee4e517a1d5670f97bb97dae8edd010080a1857213dd72d5b89f80da4f9f00f1d19c4459d1c06ca5ef936fe144
SSDEEP

12288:HQnk3GDYKGcbllbp8VTbS8thdRok51TvLH5W:JAOcZxpgTbS8tZokU

Score

10^/10

dcrat infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

4a8208bf9f396c802e85052dcec8f7640368941b3ad6aa575de3e1f4bfcfc3df.exe

Resource

win7-20220812-en

dcrat infostealer rat

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

4a8208bf9f396c802e85052dcec8f7640368941b3ad6aa575de3e1f4bfcfc3df.exe

Resource

win10v2004-20220812-en

dcrat infostealer rat

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  4a8208bf9f396c802e85052dcec8f7640368941b3ad6aa575de3e1f4bfcfc3df
- Size
  
  574KB
- MD5
  
  b5a28a29823b875076ccca3344499426
- SHA1
  
  cf51bddf543b5b3570e43d7eb83d201309da36a3
- SHA256
  
  4a8208bf9f396c802e85052dcec8f7640368941b3ad6aa575de3e1f4bfcfc3df
- SHA512
  
  e9a648701f6612c1f5f0956d226282b5af26beee4e517a1d5670f97bb97dae8edd010080a1857213dd72d5b89f80da4f9f00f1d19c4459d1c06ca5ef936fe144
- SSDEEP
  
  12288:HQnk3GDYKGcbllbp8VTbS8thdRok51TvLH5W:JAOcZxpgTbS8tZokU
Score

10^/10

dcrat infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dcratinfostealerrat

behavioral2

dcratinfostealerrat

© 2018-2024

Terms | Privacy