dcrat | e64bb75516fa8244fc31da6ee100cc10627f316aabc5ec9cfd2d9f5a028a6e4c | Triage

Submit
Reports

Overview

overview

Static

static

3

ChatGPT-4_Online.rar

windows7-x64

3

ChatGPT-4_Online.rar

windows10-2004-x64

3

ChatGPT-4 Online.exe

windows7-x64

ChatGPT-4 Online.exe

windows10-2004-x64

NL7Data0404.dll

windows7-x64

3

NL7Data0404.dll

windows10-2004-x64

3

NlsData004a.dll

windows7-x64

3

NlsData004a.dll

windows10-2004-x64

3

Sharing

General

Target

ChatGPT-4_Online.rar
Size

2.3MB
Sample

230520-z3tl3ahc8z
MD5

ae9cc5aada7d190699750a0637b91c44
SHA1

3bd4c2389e6db658719bf3a224ae58d72d076538
SHA256

e64bb75516fa8244fc31da6ee100cc10627f316aabc5ec9cfd2d9f5a028a6e4c
SHA512

cb2367a973d4bb389b75e5926a8e7115596c83016fc5fc9c8239ae0c663cedfbe8cb86aabc2fc7282620108efa189fd0c4a4afe0e37d80a33526381e114e3832
SSDEEP

49152:e+1J1nX5LY2DfnuGPq2cFaqZS0ah8BoAcIkvnEUNuC06hWydTbW:dv1JLY2Du2q24aqkZaBoAcIkMyWyw

Score

10^/10

dcrat infostealer rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ChatGPT-4_Online.rar

Resource

win7-20230220-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

ChatGPT-4_Online.rar

Resource

win10v2004-20230220-en

windows10-2004-x64

12 signatures

150 seconds

Behavioral task

behavioral3

Sample

ChatGPT-4 Online.exe

Resource

win7-20230220-en

dcrat infostealer rat

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral4

Sample

ChatGPT-4 Online.exe

Resource

win10v2004-20230220-en

dcrat infostealer rat

windows10-2004-x64

13 signatures

150 seconds

Behavioral task

behavioral5

Sample

NL7Data0404.dll

Resource

win7-20230220-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral6

Sample

NL7Data0404.dll

Resource

win10v2004-20230220-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral7

Sample

NlsData004a.dll

Resource

win7-20230220-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral8

Sample

NlsData004a.dll

Resource

win10v2004-20230221-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Targets

- Target
  
  ChatGPT-4_Online.rar
- Size
  
  2.3MB
- MD5
  
  ae9cc5aada7d190699750a0637b91c44
- SHA1
  
  3bd4c2389e6db658719bf3a224ae58d72d076538
- SHA256
  
  e64bb75516fa8244fc31da6ee100cc10627f316aabc5ec9cfd2d9f5a028a6e4c
- SHA512
  
  cb2367a973d4bb389b75e5926a8e7115596c83016fc5fc9c8239ae0c663cedfbe8cb86aabc2fc7282620108efa189fd0c4a4afe0e37d80a33526381e114e3832
- SSDEEP
  
  49152:e+1J1nX5LY2DfnuGPq2cFaqZS0ah8BoAcIkvnEUNuC06hWydTbW:dv1JLY2Du2q24aqkZaBoAcIkMyWyw
Score

3^/10
behavioral1 behavioral2
- Target
  
  ChatGPT-4 Online.exe
- Size
  
  1.2MB
- MD5
  
  88f8bb1fa6bdda82ff9e4150e5084533
- SHA1
  
  daa56b740fde8da38580c1f053e4511d20a5b733
- SHA256
  
  8a6672b8b7165db85a63750a12a89f8c0d55f7f2a98042f25be8740324469ecc
- SHA512
  
  8add946ceee5e3b8440b1be7ce2eedb84c70fa72eaaecacfa00e214660743bebec22a72056313ea66c287ab5fe9b36a53593cc8d7567bafb11db40dfa2c1912b
- SSDEEP
  
  24576:lgZXoZUTVdt7KP1r0tNH7zaWHXw6uyRZ3gVb1s7qagNqT083VxMa:Q6CNb2W4hO7j083Vxv
Score

10^/10

dcrat infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  NL7Data0404.dll
- Size
  
  2.2MB
- MD5
  
  81b14fd1c9d2b830e55c93c4c38afa2f
- SHA1
  
  975bef050d9e8d2ee577e1b4db5dd6e2d67bff20
- SHA256
  
  878e2dbac4b6a6bcce54742f3c7bfd87aa93a6637cccc1e5d18ab65215d81bee
- SHA512
  
  16bcd415ca4cfc8813d990a304723a87122eede56a4f2c84b8fac91ccb0d5fd9c2db413358eecf145c1faad5b74f16b516a3c5e12f977bbca0cb6f66cc73d3ec
- SSDEEP
  
  24576:WckkkkkkHxKjbNX7UtOGwu1fg5tXVD539swzYNefx+Pff5pn3DXBdVjtxv/Ui:WeKYtOGwu1fg5FtJ9nMX5bL9z
Score

3^/10
behavioral5 behavioral6
- Target
  
  NlsData004a.dll
- Size
  
  3.1MB
- MD5
  
  be007b645b9d1332e3346107727320d9
- SHA1
  
  0717c6fea33ddd04b9f032039d23c66efd5e5f76
- SHA256
  
  7b128be8d77398cbc3bb789a34e21afc984c2e87276907a01326f8fb4504e9da
- SHA512
  
  8e205aaf5ef8a1e5259634ff51b1e0da8bf35ace547e01de05a02dd0ad55ef7a46329737ba062556c195ba0ef6e3722ea144752f0aa8330c440dac38b2653f82
- SSDEEP
  
  24576:oJEJNe9wndvrpof5UUv6ujcqJByewHXqQpiPlJKaTsO0KwRB3Q/CDuCF:k9CNofaXXqQpTawO0KwRB3Q/Au
Score

3^/10
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

dcratinfostealerrat

behavioral4

dcratinfostealerrat

behavioral5

behavioral6

behavioral7

behavioral8

© 2018-2024

Terms | Privacy