dcrat | 2c1ac8c5fdaa8d710c578417248db566aebbc4a385649e759a54fc83eaa6cbd5 | Triage

Submit
Reports

Overview

overview

Static

static

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

Copy URL Twitter E-mail

General

Target

2c1ac8c5fdaa8d710c578417248db566aebbc4a385649e759a54fc83eaa6cbd5
Size

1.3MB
Sample

230830-eepmzshe65
MD5

bb9d9c7921b53c8df2cbb6ba678d88fb
SHA1

2a6faa70b7a98e08a633c43ab995e511106fcb7d
SHA256

2c1ac8c5fdaa8d710c578417248db566aebbc4a385649e759a54fc83eaa6cbd5
SHA512

fc28dca3c7aa0465f9f058468ba4b79ea7e8d926186d75b6a217f6d44acce93a8a13797ca63617dee280fb6bda15c87fa021a08c6d961c4275212027128bdfd2
SSDEEP

24576:U2G/nvxW3Ww0t3rZDceHt0L3/LoiXbt6R62BNerH5YVrb:UbA303rxceHaLv36UkvVr

Score

10^/10

dcrat infostealer rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

2c1ac8c5fdaa8d710c578417248db566aebbc4a385649e759a54fc83eaa6cbd5.exe

Resource

win7-20230712-en

dcrat infostealer rat

windows7-x64

13 signatures

300 seconds

Behavioral task

behavioral2

Sample

2c1ac8c5fdaa8d710c578417248db566aebbc4a385649e759a54fc83eaa6cbd5.exe

Resource

win10-20230703-en

dcrat infostealer rat

windows10-1703-x64

13 signatures

300 seconds

Malware Config

Targets

- Target
  
  2c1ac8c5fdaa8d710c578417248db566aebbc4a385649e759a54fc83eaa6cbd5
- Size
  
  1.3MB
- MD5
  
  bb9d9c7921b53c8df2cbb6ba678d88fb
- SHA1
  
  2a6faa70b7a98e08a633c43ab995e511106fcb7d
- SHA256
  
  2c1ac8c5fdaa8d710c578417248db566aebbc4a385649e759a54fc83eaa6cbd5
- SHA512
  
  fc28dca3c7aa0465f9f058468ba4b79ea7e8d926186d75b6a217f6d44acce93a8a13797ca63617dee280fb6bda15c87fa021a08c6d961c4275212027128bdfd2
- SSDEEP
  
  24576:U2G/nvxW3Ww0t3rZDceHt0L3/LoiXbt6R62BNerH5YVrb:UbA303rxceHaLv36UkvVr
Score

10^/10

dcrat infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

dcratinfostealerrat

behavioral2

dcratinfostealerrat

© 2018-2025

Terms | Privacy