dcrat | eb058bb526ec0e8b9d477425af771f9c13dd68ed6a120ac19d8920403253326a | Triage

Submit
Reports

Overview

overview

Static

static

tmp.exe

windows7-x64

tmp.exe

windows10-2004-x64

Sharing

General

Target

tmp
Size

1.6MB
Sample

230820-y5klhaag31
MD5

cd4ee1a7a160a3c103e775ec9136f10a
SHA1

53bedd6edbba3e0a56268362b3451e9a1fdc1627
SHA256

eb058bb526ec0e8b9d477425af771f9c13dd68ed6a120ac19d8920403253326a
SHA512

220101710ac33527532d1b1c153ce8bd477b3b7a282fbb1a5e3139b8cd5f064fee305ef16b77b228970ce31cc378c3e9cdb57def29f36b978a4ba7f362db5d59
SSDEEP

24576:T2G/nvxW3WjfexVOsf1916TKXVF6A/fIreiReAqzEqB+qLzqb3nxBzP4U1xg:TbA3Gn6L9QeVAqzEqPOFBzPXu

Score

10^/10

dcrat evasion infostealer rat spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

tmp.exe

Resource

win7-20230712-en

dcrat evasion infostealer rat spyware stealer

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

tmp.exe

Resource

win10v2004-20230703-en

dcrat evasion infostealer rat spyware stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  tmp
- Size
  
  1.6MB
- MD5
  
  cd4ee1a7a160a3c103e775ec9136f10a
- SHA1
  
  53bedd6edbba3e0a56268362b3451e9a1fdc1627
- SHA256
  
  eb058bb526ec0e8b9d477425af771f9c13dd68ed6a120ac19d8920403253326a
- SHA512
  
  220101710ac33527532d1b1c153ce8bd477b3b7a282fbb1a5e3139b8cd5f064fee305ef16b77b228970ce31cc378c3e9cdb57def29f36b978a4ba7f362db5d59
- SSDEEP
  
  24576:T2G/nvxW3WjfexVOsf1916TKXVF6A/fIreiReAqzEqB+qLzqb3nxBzP4U1xg:TbA3Gn6L9QeVAqzEqPOFBzPXu
Score

10^/10

dcrat evasion infostealer rat spyware stealer
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dcratevasioninfostealerratspywarestealer

behavioral2

dcratevasioninfostealerratspywarestealer

© 2018-2025

Terms | Privacy