dcrat | 7de778c5153ba0ae2157f8a3ea78ef402c63d014a9fa719257cee24089e4a88f | Triage

Submit
Reports

Overview

overview

Static

static

3

YammiBeta.exe

windows7-x64

YammiBeta.exe

windows10-1703-x64

YammiBeta.exe

windows10-2004-x64

Resubmissions

26-08-2023 13:46

230826-q3a1aaaf29 10

26-08-2023 13:43

230826-q1fsraae94 10

26-08-2023 13:42

230826-qzw4caae79 10

26-08-2023 13:42

230826-qzq74aae76 10

26-08-2023 13:39

230826-qx3hcaae65 10

26-08-2023 13:37

230826-qw8mzaae57 10

26-08-2023 13:36

230826-qwa2pscd7t 10

26-08-2023 13:35

230826-qvphpsae53 10

26-08-2023 13:34

230826-qvlrtacd7s 10

26-08-2023 13:34

230826-qt543acd61 10

Sharing

General

Target

YammiBeta.exe
Size

1.1MB
Sample

230826-qzq74aae76
MD5

6b5050c12abc27bad622f9af8ed7ebe3
SHA1

506be642a7d276c783bfd32a754a9bd1373abaea
SHA256

7de778c5153ba0ae2157f8a3ea78ef402c63d014a9fa719257cee24089e4a88f
SHA512

22ffa4c6afd0661307ca1a3a349e19f9fbb8739e382e2fea7b1ec59200c3d7ca06241b2f5154246ce2b8165da26eac31e70f2a0f4ff586e5b09cf0c993b2d319
SSDEEP

24576:348l0DlMFVPNpQiWq5KMsEINq4pXCxTRg/9QyGTlouInmUf/6ix5GWZ:35yeVPRWq5KMspBpX+wLEojnm3RE

Score

10^/10

dcrat infostealer rat spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

YammiBeta.exe

Resource

win7-20230824-en

dcrat infostealer rat spyware stealer

windows7-x64

18 signatures

1800 seconds

Behavioral task

behavioral2

Sample

YammiBeta.exe

Resource

win10-20230703-en

dcrat infostealer rat spyware stealer

windows10-1703-x64

18 signatures

1800 seconds

Behavioral task

behavioral3

Sample

YammiBeta.exe

Resource

win10v2004-20230703-en

dcrat infostealer rat spyware stealer

windows10-2004-x64

18 signatures

1800 seconds

Malware Config

Targets

- Target
  
  YammiBeta.exe
- Size
  
  1.1MB
- MD5
  
  6b5050c12abc27bad622f9af8ed7ebe3
- SHA1
  
  506be642a7d276c783bfd32a754a9bd1373abaea
- SHA256
  
  7de778c5153ba0ae2157f8a3ea78ef402c63d014a9fa719257cee24089e4a88f
- SHA512
  
  22ffa4c6afd0661307ca1a3a349e19f9fbb8739e382e2fea7b1ec59200c3d7ca06241b2f5154246ce2b8165da26eac31e70f2a0f4ff586e5b09cf0c993b2d319
- SSDEEP
  
  24576:348l0DlMFVPNpQiWq5KMsEINq4pXCxTRg/9QyGTlouInmUf/6ix5GWZ:35yeVPRWq5KMspBpX+wLEojnm3RE
Score

10^/10

dcrat infostealer rat spyware stealer
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dcratinfostealerratspywarestealer

behavioral2

dcratinfostealerratspywarestealer

behavioral3

dcratinfostealerratspywarestealer

© 2018-2025

Terms | Privacy