dcrat | 2f0cdc7d4ba53c01c835c4f1dfd15d7bd86f96ed767a279cb9c8529b44cd4931 | Triage

Submit
Reports

Overview

overview

Static

static

3041f94ecd...55.exe

windows7-x64

3041f94ecd...55.exe

windows10-2004-x64

Sharing

General

Target

3041f94ecddb3116d07dc174c4297b43d022b48282df8acc25dfac2ffc5b0755(DCRat).zip
Size

2.0MB
Sample

230324-w28staaf6s
MD5

65c73c59b9a7d0cc7365d155370477a3
SHA1

bc840bb02b11a108f3d3a2dd45c44a7b6c0e0f91
SHA256

2f0cdc7d4ba53c01c835c4f1dfd15d7bd86f96ed767a279cb9c8529b44cd4931
SHA512

7f249085e437b3bbc09f626fca4be72f1f029d1c73d82e26e9deb8f720ac2d8ac4a05ad009868c87d0ae5ba7d11dc9a8f66664edb36a412c5a6f7c02deecde7c
SSDEEP

49152:L66Ez19qIhCEQT9QSVIOrWd+83ZxyDl+YnaJxfC0C7x8QUVbwIhpU:LwXqJEuVuDbyDAKa760YuQUp4

Score

10^/10

dcrat evasion infostealer rat trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

3041f94ecddb3116d07dc174c4297b43d022b48282df8acc25dfac2ffc5b0755.exe

Resource

win7-20230220-en

dcrat evasion infostealer rat trojan

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

3041f94ecddb3116d07dc174c4297b43d022b48282df8acc25dfac2ffc5b0755.exe

Resource

win10v2004-20230220-en

dcrat evasion infostealer rat trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  3041f94ecddb3116d07dc174c4297b43d022b48282df8acc25dfac2ffc5b0755.exe
- Size
  
  2.4MB
- MD5
  
  0e444044fdfea512ca18fc3396abb65b
- SHA1
  
  8b601ccad5b2a76967c0ca7579dc13d092307f34
- SHA256
  
  3041f94ecddb3116d07dc174c4297b43d022b48282df8acc25dfac2ffc5b0755
- SHA512
  
  7b58b88c7fbcd7b97d1a08f2145794beefa2960382140bac74f1f4fe630cdd0314cd9bceb599a32c56788df1e0e9dccf84c1598c52f9c581389327428696e119
- SSDEEP
  
  49152:bkcwlRFUh2b69Cs9MR3uh+tytRY1aLXYqIiiJd2EHt:bkdlRI3ceI1azYqWj
Score

10^/10

dcrat evasion infostealer rat trojan
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- UAC bypass
  evasion trojan
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Bypass User Account Control

Scheduled Task

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dcratevasioninfostealerrattrojan

behavioral2

dcratevasioninfostealerrattrojan

© 2018-2024

Terms | Privacy