dcrat | d9552d49aa4d61f13900f23c9db7f1d724b3fc312075c7963591d79dcc4cbbcb | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

General

Target

d9552d49aa4d61f13900f23c9db7f1d724b3fc312075c7963591d79dcc4cbbcb
Size

1.7MB
Sample

230324-w1rg5sge47
MD5

37bfaf74ab56df532afab6cb84592417
SHA1

7bca3a29bbc23040259b6abb84eea1a4b979ceaa
SHA256

d9552d49aa4d61f13900f23c9db7f1d724b3fc312075c7963591d79dcc4cbbcb
SHA512

76ebcc6a8427aff38c0d517c8e08389b96302eec74261cd25cdefa6dd0b69282b27ed933d0ae106ac40b08e3be2b1bdc0333801d4c2d657da88bec8204fde234
SSDEEP

24576:3VJjECP6qVdNK3erYnMR+3FQl4jGgPsu2+yHm5gHHOoyt6oNbGDC:XeMSQlkGgPT2cUOd6oMDC

Score

10^/10

dcrat infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

d9552d49aa4d61f13900f23c9db7f1d724b3fc312075c7963591d79dcc4cbbcb.exe

Resource

win10v2004-20230221-en

dcrat infostealer rat

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  d9552d49aa4d61f13900f23c9db7f1d724b3fc312075c7963591d79dcc4cbbcb
- Size
  
  1.7MB
- MD5
  
  37bfaf74ab56df532afab6cb84592417
- SHA1
  
  7bca3a29bbc23040259b6abb84eea1a4b979ceaa
- SHA256
  
  d9552d49aa4d61f13900f23c9db7f1d724b3fc312075c7963591d79dcc4cbbcb
- SHA512
  
  76ebcc6a8427aff38c0d517c8e08389b96302eec74261cd25cdefa6dd0b69282b27ed933d0ae106ac40b08e3be2b1bdc0333801d4c2d657da88bec8204fde234
- SSDEEP
  
  24576:3VJjECP6qVdNK3erYnMR+3FQl4jGgPsu2+yHm5gHHOoyt6oNbGDC:XeMSQlkGgPT2cUOd6oMDC
Score

10^/10

dcrat infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

dcratinfostealerrat

© 2018-2024

Terms | Privacy