dcrat | 62f1d4e331c6eaa835a1b1cd59244a6b064f0dfe8b97f07ec51336b6258a1eba | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

a8331e50e8...in.exe

windows7-x64

a8331e50e8...in.exe

windows10-2004-x64

Sharing

General

Target

a8331e50e85849f47d59f1d1f14fd78e.bin.exe
Size

1.1MB
Sample

230804-r5p3nacf7v
MD5

a8331e50e85849f47d59f1d1f14fd78e
SHA1

709f5b95b0b51079f6b9374a30e0a2319ee2cfa3
SHA256

62f1d4e331c6eaa835a1b1cd59244a6b064f0dfe8b97f07ec51336b6258a1eba
SHA512

c42d6abc7108c2d50bf1f7b272f3c5cff9a5a8134db9fd3a871aab48fd12b74521780b734db1224a6953d4ad0be14dc1e4b0de9a00a6bd1ba8da350e2bdf54e3
SSDEEP

24576:Uo53R8dBoeZfWoXzNOraLyMkKH/5KOguyRs6CE3jLMpppdpppppUO9Rs6CE3jLMt:55CbTf/BEaLyv8YuyRs6CE3jLbO9Rs6I

Score

10^/10

dcrat infostealer rat spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a8331e50e85849f47d59f1d1f14fd78e.bin.exe

Resource

win7-20230712-en

dcrat infostealer rat spyware stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

a8331e50e85849f47d59f1d1f14fd78e.bin.exe

Resource

win10v2004-20230703-en

dcrat infostealer rat

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  a8331e50e85849f47d59f1d1f14fd78e.bin.exe
- Size
  
  1.1MB
- MD5
  
  a8331e50e85849f47d59f1d1f14fd78e
- SHA1
  
  709f5b95b0b51079f6b9374a30e0a2319ee2cfa3
- SHA256
  
  62f1d4e331c6eaa835a1b1cd59244a6b064f0dfe8b97f07ec51336b6258a1eba
- SHA512
  
  c42d6abc7108c2d50bf1f7b272f3c5cff9a5a8134db9fd3a871aab48fd12b74521780b734db1224a6953d4ad0be14dc1e4b0de9a00a6bd1ba8da350e2bdf54e3
- SSDEEP
  
  24576:Uo53R8dBoeZfWoXzNOraLyMkKH/5KOguyRs6CE3jLMpppdpppppUO9Rs6CE3jLMt:55CbTf/BEaLyv8YuyRs6CE3jLbO9Rs6I
Score

10^/10

dcrat infostealer rat spyware stealer
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dcratinfostealerratspywarestealer

behavioral2

dcratinfostealerrat

© 2018-2025

Terms | Privacy