dcrat | b134e4e5d74eb1a5ddd66625837b44ed6d23fbac004bbaae91ece785b7c574e3 | Triage

Submit
Reports

Overview

overview

Static

static

3

b134e4e5d7...JC.exe

windows7-x64

b134e4e5d7...JC.exe

windows10-2004-x64

Sharing

General

Target

b134e4e5d74eb1a5ddd66625837b44ed6d23fbac004bbaae91ece785b7c574e3_JC.exe
Size

1.3MB
Sample

230827-tqa2asbd69
MD5

397f5c91fd7cafc22c3fe28bc8fe675a
SHA1

02e127ae9c5a55e9b48731a3d47220cdb056f3eb
SHA256

b134e4e5d74eb1a5ddd66625837b44ed6d23fbac004bbaae91ece785b7c574e3
SHA512

fdb348e8d451e68f59c02c57dcc788e486f7244211687b854463768961c50bd70fad6e5e0e2e66dd3c42666fa6d04fcf1014e3dd356011eeaba4a6a7031bf311
SSDEEP

24576:dA1MqYjjU6kS6e5jB/n4L6JXWutEcPO6KhepiKnG/hnPrdSkl+j9aTw1OquD:d4dK756e5VgL6JXWutEcLmesKG/hQzj4

Score

10^/10

dcrat infostealer rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b134e4e5d74eb1a5ddd66625837b44ed6d23fbac004bbaae91ece785b7c574e3_JC.exe

Resource

win7-20230824-en

dcrat infostealer rat

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

b134e4e5d74eb1a5ddd66625837b44ed6d23fbac004bbaae91ece785b7c574e3_JC.exe

Resource

win10v2004-20230703-en

dcrat infostealer rat

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  b134e4e5d74eb1a5ddd66625837b44ed6d23fbac004bbaae91ece785b7c574e3_JC.exe
- Size
  
  1.3MB
- MD5
  
  397f5c91fd7cafc22c3fe28bc8fe675a
- SHA1
  
  02e127ae9c5a55e9b48731a3d47220cdb056f3eb
- SHA256
  
  b134e4e5d74eb1a5ddd66625837b44ed6d23fbac004bbaae91ece785b7c574e3
- SHA512
  
  fdb348e8d451e68f59c02c57dcc788e486f7244211687b854463768961c50bd70fad6e5e0e2e66dd3c42666fa6d04fcf1014e3dd356011eeaba4a6a7031bf311
- SSDEEP
  
  24576:dA1MqYjjU6kS6e5jB/n4L6JXWutEcPO6KhepiKnG/hnPrdSkl+j9aTw1OquD:d4dK756e5VgL6JXWutEcLmesKG/hQzj4
Score

10^/10

dcrat infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dcratinfostealerrat

behavioral2

dcratinfostealerrat

© 2018-2025

Terms | Privacy