dcrat | cd83427b301bad7fc71f23cb121a4c41483b2f0278c54e9595583e8f2865f004

Resubmissions

14/06/2023, 00:49

230614-a6lm7acd45 10

14/06/2023, 00:49

230614-a6ejwacd44 10

14/06/2023, 00:21

230614-and6dscd27 10

Analysis

max time kernel
33s
max time network
41s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2023, 00:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Allergies List and Allowed Substances.numb05151.pdf.scr
Size

920.3MB
MD5

491c5ac82977262ef24bd22ad312c622
SHA1

1f0555370f07e94182059701f63e940429757157
SHA256

ea770032c44e773b9c9865d4ff3bfb10f76b003ace1bbfbe45755ffff227e5fe
SHA512

a9974fe623a979e12d8493200f36aa4aab5763ea97ed4d5924fb1f579038d686bb10d789d576343ce4ca4c8a4657ed9404b7ffb52f701f6f880eb75e766f6734
SSDEEP

393216:rc8yiMPNWZV4nXF12elEA7YKsHES/Sl50l:rcOMPNWTM2elpBtSwW

Score

10^/10

dcrat infostealer rat

Malware Config

Signatures

DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
rat infostealer dcrat

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

rat

resource	yara_rule
behavioral1/memory/5108-133-0x0000000000EB0000-0x0000000003816000-memory.dmp	dcrat

.NET Reactor proctector 34 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
behavioral1/memory/5108-133-0x0000000000EB0000-0x0000000003816000-memory.dmp	net_reactor
behavioral1/memory/5108-135-0x000000001E640000-0x000000001E790000-memory.dmp	net_reactor
behavioral1/memory/5108-136-0x000000001E640000-0x000000001E790000-memory.dmp	net_reactor
behavioral1/memory/5108-138-0x000000001E640000-0x000000001E790000-memory.dmp	net_reactor
behavioral1/memory/5108-140-0x000000001E640000-0x000000001E790000-memory.dmp	net_reactor
behavioral1/memory/5108-142-0x000000001E640000-0x000000001E790000-memory.dmp	net_reactor
behavioral1/memory/5108-144-0x000000001E640000-0x000000001E790000-memory.dmp	net_reactor
behavioral1/memory/5108-146-0x000000001E640000-0x000000001E790000-memory.dmp	net_reactor
behavioral1/memory/5108-148-0x000000001E640000-0x000000001E790000-memory.dmp	net_reactor
behavioral1/memory/5108-150-0x000000001E640000-0x000000001E790000-memory.dmp	net_reactor
behavioral1/memory/5108-152-0x000000001E640000-0x000000001E790000-memory.dmp	net_reactor
behavioral1/memory/5108-154-0x000000001E640000-0x000000001E790000-memory.dmp	net_reactor
behavioral1/memory/5108-156-0x000000001E640000-0x000000001E790000-memory.dmp	net_reactor
behavioral1/memory/5108-158-0x000000001E640000-0x000000001E790000-memory.dmp	net_reactor
behavioral1/memory/5108-160-0x000000001E640000-0x000000001E790000-memory.dmp	net_reactor
behavioral1/memory/5108-162-0x000000001E640000-0x000000001E790000-memory.dmp	net_reactor
behavioral1/memory/5108-164-0x000000001E640000-0x000000001E790000-memory.dmp	net_reactor
behavioral1/memory/5108-166-0x000000001E640000-0x000000001E790000-memory.dmp	net_reactor
behavioral1/memory/5108-168-0x000000001E640000-0x000000001E790000-memory.dmp	net_reactor
behavioral1/memory/5108-170-0x000000001E640000-0x000000001E790000-memory.dmp	net_reactor
behavioral1/memory/5108-172-0x000000001E640000-0x000000001E790000-memory.dmp	net_reactor
behavioral1/memory/5108-174-0x000000001E640000-0x000000001E790000-memory.dmp	net_reactor
behavioral1/memory/5108-176-0x000000001E640000-0x000000001E790000-memory.dmp	net_reactor
behavioral1/memory/5108-178-0x000000001E640000-0x000000001E790000-memory.dmp	net_reactor
behavioral1/memory/5108-182-0x000000001E640000-0x000000001E790000-memory.dmp	net_reactor
behavioral1/memory/5108-180-0x000000001E640000-0x000000001E790000-memory.dmp	net_reactor
behavioral1/memory/5108-184-0x000000001E640000-0x000000001E790000-memory.dmp	net_reactor
behavioral1/memory/5108-186-0x000000001E640000-0x000000001E790000-memory.dmp	net_reactor
behavioral1/memory/5108-188-0x000000001E640000-0x000000001E790000-memory.dmp	net_reactor
behavioral1/memory/5108-190-0x000000001E640000-0x000000001E790000-memory.dmp	net_reactor
behavioral1/memory/5108-192-0x000000001E640000-0x000000001E790000-memory.dmp	net_reactor
behavioral1/memory/5108-194-0x000000001E640000-0x000000001E790000-memory.dmp	net_reactor
behavioral1/memory/5108-196-0x000000001E640000-0x000000001E790000-memory.dmp	net_reactor
behavioral1/memory/5108-198-0x000000001E640000-0x000000001E790000-memory.dmp	net_reactor

C:\Users\Admin\AppData\Local\Temp\Allergies List and Allowed Substances.numb05151.pdf.scr
"C:\Users\Admin\AppData\Local\Temp\Allergies List and Allowed Substances.numb05151.pdf.scr" /S
1⤵
PID:5108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5108-133-0x0000000000EB0000-0x0000000003816000-memory.dmp

Filesize
41.4MB

Download
memory/5108-134-0x00000000058E0000-0x00000000058F0000-memory.dmp

Filesize
64KB

Download
memory/5108-135-0x000000001E640000-0x000000001E790000-memory.dmp

Filesize
1.3MB

Download
memory/5108-136-0x000000001E640000-0x000000001E790000-memory.dmp

Filesize
1.3MB

Download
memory/5108-138-0x000000001E640000-0x000000001E790000-memory.dmp

Filesize
1.3MB

Download
memory/5108-140-0x000000001E640000-0x000000001E790000-memory.dmp

Filesize
1.3MB

Download
memory/5108-142-0x000000001E640000-0x000000001E790000-memory.dmp

Filesize
1.3MB

Download
memory/5108-144-0x000000001E640000-0x000000001E790000-memory.dmp

Filesize
1.3MB

Download
memory/5108-146-0x000000001E640000-0x000000001E790000-memory.dmp

Filesize
1.3MB

Download
memory/5108-148-0x000000001E640000-0x000000001E790000-memory.dmp

Filesize
1.3MB

Download
memory/5108-150-0x000000001E640000-0x000000001E790000-memory.dmp

Filesize
1.3MB

Download
memory/5108-152-0x000000001E640000-0x000000001E790000-memory.dmp

Filesize
1.3MB

Download
memory/5108-154-0x000000001E640000-0x000000001E790000-memory.dmp

Filesize
1.3MB

Download
memory/5108-156-0x000000001E640000-0x000000001E790000-memory.dmp

Filesize
1.3MB

Download
memory/5108-158-0x000000001E640000-0x000000001E790000-memory.dmp

Filesize
1.3MB

Download
memory/5108-160-0x000000001E640000-0x000000001E790000-memory.dmp

Filesize
1.3MB

Download
memory/5108-162-0x000000001E640000-0x000000001E790000-memory.dmp

Filesize
1.3MB

Download
memory/5108-164-0x000000001E640000-0x000000001E790000-memory.dmp

Filesize
1.3MB

Download
memory/5108-166-0x000000001E640000-0x000000001E790000-memory.dmp

Filesize
1.3MB

Download
memory/5108-168-0x000000001E640000-0x000000001E790000-memory.dmp

Filesize
1.3MB

Download
memory/5108-170-0x000000001E640000-0x000000001E790000-memory.dmp

Filesize
1.3MB

Download
memory/5108-172-0x000000001E640000-0x000000001E790000-memory.dmp

Filesize
1.3MB

Download
memory/5108-174-0x000000001E640000-0x000000001E790000-memory.dmp

Filesize
1.3MB

Download
memory/5108-176-0x000000001E640000-0x000000001E790000-memory.dmp

Filesize
1.3MB

Download
memory/5108-178-0x000000001E640000-0x000000001E790000-memory.dmp

Filesize
1.3MB

Download
memory/5108-182-0x000000001E640000-0x000000001E790000-memory.dmp

Filesize
1.3MB

Download
memory/5108-180-0x000000001E640000-0x000000001E790000-memory.dmp

Filesize
1.3MB

Download
memory/5108-184-0x000000001E640000-0x000000001E790000-memory.dmp

Filesize
1.3MB

Download
memory/5108-186-0x000000001E640000-0x000000001E790000-memory.dmp

Filesize
1.3MB

Download
memory/5108-188-0x000000001E640000-0x000000001E790000-memory.dmp

Filesize
1.3MB

Download
memory/5108-190-0x000000001E640000-0x000000001E790000-memory.dmp

Filesize
1.3MB

Download
memory/5108-192-0x000000001E640000-0x000000001E790000-memory.dmp

Filesize
1.3MB

Download
memory/5108-194-0x000000001E640000-0x000000001E790000-memory.dmp

Filesize
1.3MB

Download
memory/5108-196-0x000000001E640000-0x000000001E790000-memory.dmp

Filesize
1.3MB

Download
memory/5108-198-0x000000001E640000-0x000000001E790000-memory.dmp

Filesize
1.3MB

Download
memory/5108-748-0x00000000058E0000-0x00000000058F0000-memory.dmp

Filesize
64KB

Download