dcrat | 90466f699fc91f2e2cc7a31699e303eb2979509361d4de47e9345456453304d7 | Triage

Submit
Reports

Overview

overview

Static

static

7

comSessionMonitor.exe

windows10-2004-x64

Sharing

General

Target

comSessionMonitor.exe
Size

20.0MB
Sample

230609-xkcjqada66
MD5

c92d0c164406653b0fb1c71a1868084c
SHA1

91123ec3168ef21028cb1f2e4dd99d569b0798f5
SHA256

90466f699fc91f2e2cc7a31699e303eb2979509361d4de47e9345456453304d7
SHA512

03e482a12f2daac406d8cd115de6c9955aedfba6fd5969c0078b661d0c4f8ce9228f88461171e4eeb7de76c0d613756f86f212db49b378bd23fe3c35f7e68915
SSDEEP

393216:t7u8d72nGlZ37wO7Nw39s2wT9Rn/lYIIkurtWNb8ziaKIT71/m0mANL7Zv:t775lVcCNw39n6F/lYSu0C0Iv1/jmiZv

Score

10^/10

dcrat evasion infostealer rat themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

comSessionMonitor.exe

Resource

win10v2004-20230220-en

dcrat evasion infostealer rat themida trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  comSessionMonitor.exe
- Size
  
  20.0MB
- MD5
  
  c92d0c164406653b0fb1c71a1868084c
- SHA1
  
  91123ec3168ef21028cb1f2e4dd99d569b0798f5
- SHA256
  
  90466f699fc91f2e2cc7a31699e303eb2979509361d4de47e9345456453304d7
- SHA512
  
  03e482a12f2daac406d8cd115de6c9955aedfba6fd5969c0078b661d0c4f8ce9228f88461171e4eeb7de76c0d613756f86f212db49b378bd23fe3c35f7e68915
- SSDEEP
  
  393216:t7u8d72nGlZ37wO7Nw39s2wT9Rn/lYIIkurtWNb8ziaKIT71/m0mANL7Zv:t775lVcCNw39n6F/lYSu0C0Iv1/jmiZv
Score

10^/10

dcrat evasion infostealer rat themida trojan
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dcratevasioninfostealerratthemidatrojan

© 2018-2024

Terms | Privacy