dcrat | 85e2f958f1c6843f13f7dfedf4b907168d91f33828ad4d220f9e6022c3945867 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

85e2f958f1...67.exe

windows7-x64

85e2f958f1...67.exe

windows10-2004-x64

Sharing

General

Target

85e2f958f1c6843f13f7dfedf4b907168d91f33828ad4d220f9e6022c3945867
Size

2.0MB
Sample

231119-p7gsysah3x
MD5

30187293127241c047ea7582cb3ba925
SHA1

70e9d100311fcfd66e344f8a71bc1e019c3de94e
SHA256

85e2f958f1c6843f13f7dfedf4b907168d91f33828ad4d220f9e6022c3945867
SHA512

54f3a665d89e760f012847756ffdae0727af0617e67ae3aad59f76ce6e1e7c67ce20f52203237453a7d21f5f175f9c98281075fb182b29af4a1538312e3abd04
SSDEEP

49152:nILNq8KKtRL4wk8UGHZF1ljvfvQAzjsKMvojOCIoBEScdD:nxKtRL47iPljJfsKDN7aScl

Score

10^/10

dcrat infostealer rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

85e2f958f1c6843f13f7dfedf4b907168d91f33828ad4d220f9e6022c3945867.exe

Resource

win7-20231025-en

dcrat infostealer rat

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

85e2f958f1c6843f13f7dfedf4b907168d91f33828ad4d220f9e6022c3945867.exe

Resource

win10v2004-20231023-en

dcrat infostealer rat

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  85e2f958f1c6843f13f7dfedf4b907168d91f33828ad4d220f9e6022c3945867
- Size
  
  2.0MB
- MD5
  
  30187293127241c047ea7582cb3ba925
- SHA1
  
  70e9d100311fcfd66e344f8a71bc1e019c3de94e
- SHA256
  
  85e2f958f1c6843f13f7dfedf4b907168d91f33828ad4d220f9e6022c3945867
- SHA512
  
  54f3a665d89e760f012847756ffdae0727af0617e67ae3aad59f76ce6e1e7c67ce20f52203237453a7d21f5f175f9c98281075fb182b29af4a1538312e3abd04
- SSDEEP
  
  49152:nILNq8KKtRL4wk8UGHZF1ljvfvQAzjsKMvojOCIoBEScdD:nxKtRL47iPljJfsKDN7aScl
Score

10^/10

dcrat infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dcratinfostealerrat

behavioral2

dcratinfostealerrat

© 2018-2025

Terms | Privacy