dcrat | 316fb0649b8103b7a2a44c96db309cdb3107b0936f7c9cfe313ab771f22ba07a | Triage

Submit
Reports

Overview

overview

Static

static

316fb0649b...7a.exe

windows7-x64

316fb0649b...7a.exe

windows10-2004-x64

Sharing

General

Target

316fb0649b8103b7a2a44c96db309cdb3107b0936f7c9cfe313ab771f22ba07a
Size

1.9MB
Sample

230612-3hqlfsef9z
MD5

66c4758d270f2a52ab990220c431a25d
SHA1

c979bf6c0f8a6d2fd628e0d3440e8575a1753b28
SHA256

316fb0649b8103b7a2a44c96db309cdb3107b0936f7c9cfe313ab771f22ba07a
SHA512

ff6cb410dbb795ca5f25f3d480e841f606cab95db6e6ff64c942f1a998e4b229d57cae67e73f77ae828bf8f5d74ffc2d50acbf9158d7b0f5eedb54752c9c18ba
SSDEEP

24576:U2G/nvxW3Ww0tcO85CcCWsR0y2VeODD+BHgAANI0ZWWhmmOjkAGcE+gtzuEzs:UbA3045Ls6peLBmNI0ZWWhb1JgG5I

Score

10^/10

dcrat evasion infostealer rat spyware stealer trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

316fb0649b8103b7a2a44c96db309cdb3107b0936f7c9cfe313ab771f22ba07a.exe

Resource

win7-20230220-en

dcrat evasion infostealer rat spyware stealer trojan

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

316fb0649b8103b7a2a44c96db309cdb3107b0936f7c9cfe313ab771f22ba07a.exe

Resource

win10v2004-20230221-en

dcrat evasion infostealer rat spyware stealer trojan

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  316fb0649b8103b7a2a44c96db309cdb3107b0936f7c9cfe313ab771f22ba07a
- Size
  
  1.9MB
- MD5
  
  66c4758d270f2a52ab990220c431a25d
- SHA1
  
  c979bf6c0f8a6d2fd628e0d3440e8575a1753b28
- SHA256
  
  316fb0649b8103b7a2a44c96db309cdb3107b0936f7c9cfe313ab771f22ba07a
- SHA512
  
  ff6cb410dbb795ca5f25f3d480e841f606cab95db6e6ff64c942f1a998e4b229d57cae67e73f77ae828bf8f5d74ffc2d50acbf9158d7b0f5eedb54752c9c18ba
- SSDEEP
  
  24576:U2G/nvxW3Ww0tcO85CcCWsR0y2VeODD+BHgAANI0ZWWhmmOjkAGcE+gtzuEzs:UbA3045Ls6peLBmNI0ZWWhb1JgG5I
Score

10^/10

dcrat evasion infostealer rat spyware stealer trojan
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- UAC bypass
  evasion trojan
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Bypass User Account Control

Scheduled Task

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

dcratevasioninfostealerratspywarestealertrojan

behavioral2

dcratevasioninfostealerratspywarestealertrojan

© 2018-2024

Terms | Privacy