dcrat | b134e4e5d74eb1a5ddd66625837b44ed6d23fbac004bbaae91ece785b7c574e3 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

b134e4e5d7...JC.exe

windows7-x64

b134e4e5d7...JC.exe

windows10-2004-x64

Sharing

General

Target

b134e4e5d74eb1a5ddd66625837b44ed6d23fbac004bbaae91ece785b7c574e3_JC.exe
Size

1.3MB
Sample

230827-tqa2asbd69
MD5

397f5c91fd7cafc22c3fe28bc8fe675a
SHA1

02e127ae9c5a55e9b48731a3d47220cdb056f3eb
SHA256

b134e4e5d74eb1a5ddd66625837b44ed6d23fbac004bbaae91ece785b7c574e3
SHA512

fdb348e8d451e68f59c02c57dcc788e486f7244211687b854463768961c50bd70fad6e5e0e2e66dd3c42666fa6d04fcf1014e3dd356011eeaba4a6a7031bf311
SSDEEP

24576:dA1MqYjjU6kS6e5jB/n4L6JXWutEcPO6KhepiKnG/hnPrdSkl+j9aTw1OquD:d4dK756e5VgL6JXWutEcLmesKG/hQzj4

Score

10^/10

dcrat infostealer rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b134e4e5d74eb1a5ddd66625837b44ed6d23fbac004bbaae91ece785b7c574e3_JC.exe

Resource

win7-20230824-en

dcrat infostealer rat

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

b134e4e5d74eb1a5ddd66625837b44ed6d23fbac004bbaae91ece785b7c574e3_JC.exe

Resource

win10v2004-20230703-en

dcrat infostealer rat

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  b134e4e5d74eb1a5ddd66625837b44ed6d23fbac004bbaae91ece785b7c574e3_JC.exe
- Size
  
  1.3MB
- MD5
  
  397f5c91fd7cafc22c3fe28bc8fe675a
- SHA1
  
  02e127ae9c5a55e9b48731a3d47220cdb056f3eb
- SHA256
  
  b134e4e5d74eb1a5ddd66625837b44ed6d23fbac004bbaae91ece785b7c574e3
- SHA512
  
  fdb348e8d451e68f59c02c57dcc788e486f7244211687b854463768961c50bd70fad6e5e0e2e66dd3c42666fa6d04fcf1014e3dd356011eeaba4a6a7031bf311
- SSDEEP
  
  24576:dA1MqYjjU6kS6e5jB/n4L6JXWutEcPO6KhepiKnG/hnPrdSkl+j9aTw1OquD:d4dK756e5VgL6JXWutEcLmesKG/hQzj4
Score

10^/10

dcrat infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dcratinfostealerrat

behavioral2

dcratinfostealerrat

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.