dcrat | 653338c4567ee53445c1bcc0f9561fc5f8f6f5ddbeec4b8032d33a4be19d1fb2 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

653338c4567ee53445c1bcc0f9561fc5f8f6f5ddbeec4b8032d33a4be19d1fb2
Size

1.3MB
Sample

230203-mqcrkahh2w
MD5

8a8e9cea1388328e9fee42e7d7d6aba3
SHA1

5db124406f80215cb17d438ddb033bae9afa8eec
SHA256

653338c4567ee53445c1bcc0f9561fc5f8f6f5ddbeec4b8032d33a4be19d1fb2
SHA512

ab16eec8b9e6efc947e961a600cba13d626e75263823978b5fbc21207ede3ff82ba640f79d1d558fba45d9d8254d0a3889d3df84b60b03b3b1e0b8c13a6bf0ea
SSDEEP

24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score

10^/10

dcrat infostealer rat

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

653338c4567ee53445c1bcc0f9561fc5f8f6f5ddbeec4b8032d33a4be19d1fb2.exe

Resource

win10v2004-20221111-en

dcrat infostealer rat

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  653338c4567ee53445c1bcc0f9561fc5f8f6f5ddbeec4b8032d33a4be19d1fb2
- Size
  
  1.3MB
- MD5
  
  8a8e9cea1388328e9fee42e7d7d6aba3
- SHA1
  
  5db124406f80215cb17d438ddb033bae9afa8eec
- SHA256
  
  653338c4567ee53445c1bcc0f9561fc5f8f6f5ddbeec4b8032d33a4be19d1fb2
- SHA512
  
  ab16eec8b9e6efc947e961a600cba13d626e75263823978b5fbc21207ede3ff82ba640f79d1d558fba45d9d8254d0a3889d3df84b60b03b3b1e0b8c13a6bf0ea
- SSDEEP
  
  24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Score

10^/10

dcrat infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

dcratinfostealerrat

© 2018-2025

Terms | Privacy