dcrat | d65fdeff64de39aecb66d54b9507dbda3a73b35d58311294d5867117e93e0b48 | Triage

Submit
Reports

Overview

overview

Static

static

3

d65fdeff64...48.exe

windows7-x64

d65fdeff64...48.exe

windows10-2004-x64

Sharing

General

Target

d65fdeff64de39aecb66d54b9507dbda3a73b35d58311294d5867117e93e0b48.exe
Size

2.9MB
Sample

230521-z6xswsfc9v
MD5

2ca3bafc7886b966e722a487e9ebb777
SHA1

cd1e4658d593e53bee15594c58be888436ce4176
SHA256

d65fdeff64de39aecb66d54b9507dbda3a73b35d58311294d5867117e93e0b48
SHA512

58876c4383f7873134c5d4b4ca13881ad22d4f9c566af98fdc1221c0c5c2fb13bc02723ff34d63c12be6e76025397bff95b37c25fdb96350dbff325b3f71d2f8
SSDEEP

49152:LInicyfxXlMoAlSmEfqV62QVc7921m1ryrjFkcVQBRE6:Lkyl6KUtPGr3L

Score

10^/10

dcrat discovery evasion exploit infostealer rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d65fdeff64de39aecb66d54b9507dbda3a73b35d58311294d5867117e93e0b48.exe

Resource

win7-20230220-en

dcrat discovery evasion exploit infostealer rat trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

d65fdeff64de39aecb66d54b9507dbda3a73b35d58311294d5867117e93e0b48.exe

Resource

win10v2004-20230220-en

dcrat discovery evasion exploit infostealer rat trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  d65fdeff64de39aecb66d54b9507dbda3a73b35d58311294d5867117e93e0b48.exe
- Size
  
  2.9MB
- MD5
  
  2ca3bafc7886b966e722a487e9ebb777
- SHA1
  
  cd1e4658d593e53bee15594c58be888436ce4176
- SHA256
  
  d65fdeff64de39aecb66d54b9507dbda3a73b35d58311294d5867117e93e0b48
- SHA512
  
  58876c4383f7873134c5d4b4ca13881ad22d4f9c566af98fdc1221c0c5c2fb13bc02723ff34d63c12be6e76025397bff95b37c25fdb96350dbff325b3f71d2f8
- SSDEEP
  
  49152:LInicyfxXlMoAlSmEfqV62QVc7921m1ryrjFkcVQBRE6:Lkyl6KUtPGr3L
Score

10^/10

dcrat discovery evasion exploit infostealer rat trojan
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

File Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dcratdiscoveryevasionexploitinfostealerrattrojan

behavioral2

dcratdiscoveryevasionexploitinfostealerrattrojan

© 2018-2024

Terms | Privacy