dcrat | b5033ef20a56db2c7751506e413b6ff82b861de6f83c156f9249105eaa1db596 | Triage

Submit
Reports

Overview

overview

Static

static

8

b5033ef20a...6.dotm

windows7-x64

b5033ef20a...6.dotm

windows10-2004-x64

Sharing

General

Target

b5033ef20a56db2c7751506e413b6ff82b861de6f83c156f9249105eaa1db596
Size

15KB
Sample

230130-jtmt6ahf75
MD5

f241091ae1293c0a2ae516a374af2062
SHA1

6390737f980d3e96146c7d323e135ddfd41ab260
SHA256

b5033ef20a56db2c7751506e413b6ff82b861de6f83c156f9249105eaa1db596
SHA512

464c8eb31a8afe0767d065d4438b85876747e238c019b2b2ffbdd9e75b57e03ecf0d7fbf72916d34dc9e5aa7a38cd1936f2ad89934a420f911612bfb45adfd00
SSDEEP

384:tmtegnDrrVsC78JecdkaP6akwLWdxd8KYB3HF:qlnDrrJ8J/ytakw6Lm1F

Score

10^/10

dcrat infostealer macro rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b5033ef20a56db2c7751506e413b6ff82b861de6f83c156f9249105eaa1db596.dotm

Resource

win7-20220812-en

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

b5033ef20a56db2c7751506e413b6ff82b861de6f83c156f9249105eaa1db596.dotm

Resource

win10v2004-20221111-en

dcrat infostealer rat

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://cdn.discordapp.com/attachments/997157313536344088/1067399880701657098/9hmhx13dh.exe

Targets

- Target
  
  b5033ef20a56db2c7751506e413b6ff82b861de6f83c156f9249105eaa1db596
- Size
  
  15KB
- MD5
  
  f241091ae1293c0a2ae516a374af2062
- SHA1
  
  6390737f980d3e96146c7d323e135ddfd41ab260
- SHA256
  
  b5033ef20a56db2c7751506e413b6ff82b861de6f83c156f9249105eaa1db596
- SHA512
  
  464c8eb31a8afe0767d065d4438b85876747e238c019b2b2ffbdd9e75b57e03ecf0d7fbf72916d34dc9e5aa7a38cd1936f2ad89934a420f911612bfb45adfd00
- SSDEEP
  
  384:tmtegnDrrVsC78JecdkaP6akwLWdxd8KYB3HF:qlnDrrJ8J/ytakw6Lm1F
Score

10^/10

dcrat infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

dcratinfostealerrat

© 2018-2024

Terms | Privacy