dcrat | 926f1e477e9b51081f5ec58351b6913299d4878e91f976705a3a77f2fb3bc924 | Triage

Submit
Reports

Overview

overview

Static

static

3

bd8e3c6dde...ea.exe

windows7-x64

bd8e3c6dde...ea.exe

windows10-2004-x64

Sharing

General

Target

58fed568080018ec2f41b2461b7c5dd6.bin
Size

990KB
Sample

230522-blakvsdc56
MD5

fc2fb74e52b63cb16ff027ec105edfeb
SHA1

d562ea5d064cbbf551bc7f5c46689fb92ddcc3b7
SHA256

926f1e477e9b51081f5ec58351b6913299d4878e91f976705a3a77f2fb3bc924
SHA512

9fbd9310afbfd0aadc4ef62da650dddd853188f3af3fa70f8a0b5e0bf623f762df931f4e558d05322f5cfbcc1d415493eeee8323aab249562e5d362593d8c532
SSDEEP

24576:euhi0moxvLPASvv4FGBwjkAtuabaykOkGYgUievz:TmOEj22NhuNOFYxiuz

Score

10^/10

dcrat infostealer rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

bd8e3c6dde0d469b97780ad57d4fbd759f21774f9716fa8d600c0b0460bc10ea.exe

Resource

win7-20230220-en

dcrat infostealer rat

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

bd8e3c6dde0d469b97780ad57d4fbd759f21774f9716fa8d600c0b0460bc10ea.exe

Resource

win10v2004-20230220-en

dcrat infostealer rat

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  bd8e3c6dde0d469b97780ad57d4fbd759f21774f9716fa8d600c0b0460bc10ea.exe
- Size
  
  1.8MB
- MD5
  
  58fed568080018ec2f41b2461b7c5dd6
- SHA1
  
  cf2113543fb2d9a14774399876a69fb3b9bdfecd
- SHA256
  
  bd8e3c6dde0d469b97780ad57d4fbd759f21774f9716fa8d600c0b0460bc10ea
- SHA512
  
  06433ab4aa9e17edaa2bae18b9f6e10eb08a2b0ec4103f04ad99ed4225a83bb28a905e6ce4b1baaf9a84ecd3c808bf97f60a5d9cd534789ac9f3756c9383b0f0
- SSDEEP
  
  24576:63YTdC5hmZmu81pFyOc5NzJkawKlmR25MALfyJjV/:BTdC+Lo8OgV9xmjz/
Score

10^/10

dcrat infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dcratinfostealerrat

behavioral2

dcratinfostealerrat

© 2018-2024

Terms | Privacy