dcrat | 578ad54194b7c74d3c07f5f7cc2ce27e77cc2d1224a09922e04ef06fc3a295d9 | Triage

Submit
Reports

Overview

overview

Static

static

3

DCRatBuild8.exe

windows7-x64

DCRatBuild8.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

DCRatBuild8.exe
Size

2.4MB
Sample

230823-sd4x6sda24
MD5

6d6d0d8735a51e18174a1bae2d09115c
SHA1

62f0dea7509ef394724a3572d17136f66901ed0c
SHA256

578ad54194b7c74d3c07f5f7cc2ce27e77cc2d1224a09922e04ef06fc3a295d9
SHA512

823895e108a4c75d5e5cc24e322376706234d99e4087874f5ac3893e01e528db328738ec7f5813006f1b27f2851b1a5c650e6c53a9b008ec362187a52fa74a32
SSDEEP

49152:ZkXpq9DaJuklVRUCjk/fdpG/97v8Ij+GoHvvIzhxRnRJ:SX49DakkJ/gXfGhv9aGo6xxj

Score

10^/10

dcrat redline pizdun infostealer rat

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

DCRatBuild8.exe

Resource

win7-20230712-en

dcrat redline pizdun infostealer rat

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

DCRatBuild8.exe

Resource

win10v2004-20230703-en

redline pizdun infostealer

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

Pizdun

C2

94.142.138.219:20936

Attributes

auth_value
20a1f7fe6575c6613ee7cc5d3025af70

Targets

- Target
  
  DCRatBuild8.exe
- Size
  
  2.4MB
- MD5
  
  6d6d0d8735a51e18174a1bae2d09115c
- SHA1
  
  62f0dea7509ef394724a3572d17136f66901ed0c
- SHA256
  
  578ad54194b7c74d3c07f5f7cc2ce27e77cc2d1224a09922e04ef06fc3a295d9
- SHA512
  
  823895e108a4c75d5e5cc24e322376706234d99e4087874f5ac3893e01e528db328738ec7f5813006f1b27f2851b1a5c650e6c53a9b008ec362187a52fa74a32
- SSDEEP
  
  49152:ZkXpq9DaJuklVRUCjk/fdpG/97v8Ij+GoHvvIzhxRnRJ:SX49DakkJ/gXfGhv9aGo6xxj
Score

10^/10

dcrat redline pizdun infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dcratredlinepizduninfostealerrat

behavioral2

redlinepizduninfostealer

© 2018-2025

Terms | Privacy