dcrat | d49b39591c4dd59a8f0306e3157788a32258f4bef0b60869f47bbf62fac87ee8 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

d49b39591c4dd59a8f0306e3157788a32258f4bef0b60869f47bbf62fac87ee8
Size

1.3MB
Sample

230203-bzd57shf82
MD5

84905591312d643b26140b972e9a214e
SHA1

3e4a9158930e43c18490ad82899b1a253558bda5
SHA256

d49b39591c4dd59a8f0306e3157788a32258f4bef0b60869f47bbf62fac87ee8
SHA512

f98e04499d697c0824ebdd635673ce903e1175f4caace1c2be95d9db9781e8c73bd0a3fd089101c3d7ebdd454c028b051c9a7384114fe3ac41a18e5a117fb3e5
SSDEEP

24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score

10^/10

dcrat infostealer rat

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

d49b39591c4dd59a8f0306e3157788a32258f4bef0b60869f47bbf62fac87ee8.exe

Resource

win10-20220901-en

dcrat infostealer rat

windows10-1703-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  d49b39591c4dd59a8f0306e3157788a32258f4bef0b60869f47bbf62fac87ee8
- Size
  
  1.3MB
- MD5
  
  84905591312d643b26140b972e9a214e
- SHA1
  
  3e4a9158930e43c18490ad82899b1a253558bda5
- SHA256
  
  d49b39591c4dd59a8f0306e3157788a32258f4bef0b60869f47bbf62fac87ee8
- SHA512
  
  f98e04499d697c0824ebdd635673ce903e1175f4caace1c2be95d9db9781e8c73bd0a3fd089101c3d7ebdd454c028b051c9a7384114fe3ac41a18e5a117fb3e5
- SSDEEP
  
  24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Score

10^/10

dcrat infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Web Service

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

dcratinfostealerrat

© 2018-2024

Terms | Privacy