dcrat | 951200b548a2b83861ca55e027d5b1dae7def312228afbb401d21b5bc2edd7d4 | Triage

Submit
Reports

Overview

overview

Static

static

af62557648...1e.exe

windows7-x64

af62557648...1e.exe

windows10-2004-x64

Sharing

General

Target

af625576485e2091fbfa4568c3a3c546bd2a8f470cb69afa09f6bcf0ebac1d1e.zip
Size

909KB
Sample

230321-rx93vsbb42
MD5

92c7a210f1989f2df32ba296c7f91638
SHA1

47173ecd8c3efaa63c772acb8ed16bba3a0d8e81
SHA256

951200b548a2b83861ca55e027d5b1dae7def312228afbb401d21b5bc2edd7d4
SHA512

100bbc610f7347ef47d4bf4c9ca02b3e5fa274d6139f7736f72080997b5d5c93efe7aaeca9425f4cb5642430091ea1d3d40fd7ead32e51db0ae4bca1ed7fafff
SSDEEP

24576:ZEt6qbnesHW1yLwALeSz+K82YEJwz8wTFROw9H:WMeW1yLZt+K82jwz8CROa

Score

10^/10

dcrat infostealer rat

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

af625576485e2091fbfa4568c3a3c546bd2a8f470cb69afa09f6bcf0ebac1d1e.exe

Resource

win7-20230220-en

dcrat infostealer rat

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

af625576485e2091fbfa4568c3a3c546bd2a8f470cb69afa09f6bcf0ebac1d1e.exe

Resource

win10v2004-20230220-en

dcrat infostealer rat

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  af625576485e2091fbfa4568c3a3c546bd2a8f470cb69afa09f6bcf0ebac1d1e.exe
- Size
  
  1.3MB
- MD5
  
  33dbb523c14738bf48d314111c00906c
- SHA1
  
  83da7977d5b08038fac809b0f7c9a57c008f285e
- SHA256
  
  af625576485e2091fbfa4568c3a3c546bd2a8f470cb69afa09f6bcf0ebac1d1e
- SHA512
  
  e1eadb73b5091d62afb166d81a244173073bca7f0c09fcfd22138f26705100dda11639eb662e16d2624bcc627805b46de540fa43e527835cec9a8515adc809e2
- SSDEEP
  
  24576:Qc1ovc94+x/XIzyRGezpFezu4GTVSbvaBTJpbvol3:FG3+xz9lFezFGT8bEda
Score

10^/10

dcrat infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dcratinfostealerrat

behavioral2

dcratinfostealerrat

© 2018-2024

Terms | Privacy