dcrat | 15ecac387530678e8e1834128e6c9a1b927bfa1c87418b371bd2d2608bca0771 | Triage

Submit
Reports

Overview

overview

Static

static

1

3625833cde...ce.exe

windows7-x64

3625833cde...ce.exe

windows10-2004-x64

Sharing

General

Target

3625833cde9d774b2495a77de316941efb1df45fc6f71b4f1f8377b6398744ce.zip
Size

1.4MB
Sample

230321-rx789sdb9z
MD5

51f7bb82ac2e2df4c4f4d5d30ebdf586
SHA1

64abf7bb5c5f3ebb223facd437d753706399d58c
SHA256

15ecac387530678e8e1834128e6c9a1b927bfa1c87418b371bd2d2608bca0771
SHA512

8d5addb675811e2364aed7b2d904b5fc081fdb1e3305e5299c8341e98c602f65e4276d7dc8cec7791390887bc3543427ec43a971398f80553b85de490df3e5e5
SSDEEP

24576:sN6x6oLjTJWbNzwF2r7xl86RioXlf0hSkL3nbVU8LE8+eS5JgEDRngMSnNDu2Z:sKLjTEhw4r7xl8iNASOnhVLLRS5JgCEZ

Score

10^/10

dcrat infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

3625833cde9d774b2495a77de316941efb1df45fc6f71b4f1f8377b6398744ce.exe

Resource

win7-20230220-en

dcrat infostealer rat

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

3625833cde9d774b2495a77de316941efb1df45fc6f71b4f1f8377b6398744ce.exe

Resource

win10v2004-20230220-en

dcrat infostealer rat

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  3625833cde9d774b2495a77de316941efb1df45fc6f71b4f1f8377b6398744ce.exe
- Size
  
  3.3MB
- MD5
  
  ddac8bba5380b8456c357e9f6523de0d
- SHA1
  
  c2674071b749dc0ca6e3d311b43fd36b76ba1934
- SHA256
  
  3625833cde9d774b2495a77de316941efb1df45fc6f71b4f1f8377b6398744ce
- SHA512
  
  7651acb8274ff669ca15e320c0fa74d55afea513da0904079bf5007bcca3a8ba6eca5f803e60f5397fc684c14cdb3324d9d9d3d0b6df08132c7862651f28869a
- SSDEEP
  
  49152:Pk5mOmHTQjxnjZwzKmo1MMXHSL7jPvKOR3bApKIOel3J:POm6w23WvKwApKIO8
Score

10^/10

dcrat infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dcratinfostealerrat

behavioral2

dcratinfostealerrat

© 2018-2024

Terms | Privacy