dcrat | 892555689233c21dfdfc0fb10a8241b92d36dd7b2831b28331b2efb6b219fd66 | Triage

Submit
Reports

Overview

overview

Static

static

8925556892...66.exe

windows7-x64

8925556892...66.exe

windows10-2004-x64

Sharing

General

Target

892555689233c21dfdfc0fb10a8241b92d36dd7b2831b28331b2efb6b219fd66
Size

382KB
Sample

230129-y65casde41
MD5

e341dce8ea14c62cdb2c2a0082c06e6f
SHA1

40e13801d6e48317eac0019a5d69b5385afe4cd7
SHA256

892555689233c21dfdfc0fb10a8241b92d36dd7b2831b28331b2efb6b219fd66
SHA512

d9722cea91e6d4268b4b799c33022978eef8a70f5fb8056b13c60ca2fbe5772423141f94e7ef58095fc49eefb6e0a217a11903e7d23d0c9e8838502225d07b69
SSDEEP

6144:Nhg8RILt0ndjMKoeHUSI8zNqjFNa4Xn2J+TiqqDL:NZndjZVVwk5J0Xqn

Score

10^/10

dcrat infostealer persistence rat

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

892555689233c21dfdfc0fb10a8241b92d36dd7b2831b28331b2efb6b219fd66.exe

Resource

win7-20221111-en

dcrat infostealer persistence rat

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

892555689233c21dfdfc0fb10a8241b92d36dd7b2831b28331b2efb6b219fd66.exe

Resource

win10v2004-20220901-en

dcrat infostealer persistence rat

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  892555689233c21dfdfc0fb10a8241b92d36dd7b2831b28331b2efb6b219fd66
- Size
  
  382KB
- MD5
  
  e341dce8ea14c62cdb2c2a0082c06e6f
- SHA1
  
  40e13801d6e48317eac0019a5d69b5385afe4cd7
- SHA256
  
  892555689233c21dfdfc0fb10a8241b92d36dd7b2831b28331b2efb6b219fd66
- SHA512
  
  d9722cea91e6d4268b4b799c33022978eef8a70f5fb8056b13c60ca2fbe5772423141f94e7ef58095fc49eefb6e0a217a11903e7d23d0c9e8838502225d07b69
- SSDEEP
  
  6144:Nhg8RILt0ndjMKoeHUSI8zNqjFNa4Xn2J+TiqqDL:NZndjZVVwk5J0Xqn
Score

10^/10

dcrat infostealer persistence rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dcratinfostealerpersistencerat

behavioral2

dcratinfostealerpersistencerat

© 2018-2024

Terms | Privacy