dcrat | 5a76c4af4d3f402b6c5dbd4bdaf27fbce4f8c7dbeb37aa7360e2ef1412ecbf36 | Triage

Submit
Reports

Overview

overview

Static

static

bca88c932c...3c.exe

windows7-x64

bca88c932c...3c.exe

windows10-2004-x64

Sharing

General

Target

bca88c932c62e07a93e63843fa98683c
Size

864KB
Sample

240409-3bfgxahd54
MD5

bca88c932c62e07a93e63843fa98683c
SHA1

a32de96450ead432f934752f1d654a6b904f8800
SHA256

5a76c4af4d3f402b6c5dbd4bdaf27fbce4f8c7dbeb37aa7360e2ef1412ecbf36
SHA512

d5d06c4306c9c6aa1f1485f35e8f074da7c92fbfcac34080802650d0e52123c729cbdf1c5736ea0eb5f83b2b43f907ca28a59ae2e139467e4c1596464370427c
SSDEEP

12288:frdd+xFusWBUS2uBLxvWluhvWYpWw1zuNuHP1YHUPnnCBao:pdiusWxpxvW+y8vqH8nvo

Score

10^/10

dcrat infostealer rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

bca88c932c62e07a93e63843fa98683c.exe

Resource

win7-20240221-en

dcrat infostealer rat

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

bca88c932c62e07a93e63843fa98683c.exe

Resource

win10v2004-20240226-en

dcrat infostealer rat

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  bca88c932c62e07a93e63843fa98683c
- Size
  
  864KB
- MD5
  
  bca88c932c62e07a93e63843fa98683c
- SHA1
  
  a32de96450ead432f934752f1d654a6b904f8800
- SHA256
  
  5a76c4af4d3f402b6c5dbd4bdaf27fbce4f8c7dbeb37aa7360e2ef1412ecbf36
- SHA512
  
  d5d06c4306c9c6aa1f1485f35e8f074da7c92fbfcac34080802650d0e52123c729cbdf1c5736ea0eb5f83b2b43f907ca28a59ae2e139467e4c1596464370427c
- SSDEEP
  
  12288:frdd+xFusWBUS2uBLxvWluhvWYpWw1zuNuHP1YHUPnnCBao:pdiusWxpxvW+y8vqH8nvo
Score

10^/10

dcrat infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

dcratinfostealerrat

behavioral2

dcratinfostealerrat

© 2018-2025

Terms | Privacy