dcrat | 7c0217b4f09d7b5eb5a087c45aed6d13fca45ec3be6e32df510a9ad9a71d6c1a | Triage

Submit
Reports

Overview

overview

Static

static

4f0a0a77c8...28.exe

windows7-x64

4f0a0a77c8...28.exe

windows10-2004-x64

Sharing

General

Target

4f0a0a77c8473028b724fcd4431a5128.exe
Size

2.6MB
Sample

240417-en8gfsdc63
MD5

4f0a0a77c8473028b724fcd4431a5128
SHA1

af1705bf6b02cb0ccc703ebaa55c4ea8c07cb968
SHA256

7c0217b4f09d7b5eb5a087c45aed6d13fca45ec3be6e32df510a9ad9a71d6c1a
SHA512

cc11e25588c72f9fed049c8b082dbe13a945b988b397ce9762b486b5c0da1cb1a2c93b5af441a13f3790556b35ccb20e4b9a750d8cb387c88a6934ea9243ef68
SSDEEP

49152:OUK2oQKwtABwKO+0QIvoY3jFx3KNQ8qd28ZaQcULQ45i+PynH4L:OaoQXKfNNYzbaNEdZSeTynY

Score

10^/10

dcrat infostealer rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

4f0a0a77c8473028b724fcd4431a5128.exe

Resource

win7-20240215-en

dcrat infostealer rat

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

4f0a0a77c8473028b724fcd4431a5128.exe

Resource

win10v2004-20240412-en

dcrat infostealer rat

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  4f0a0a77c8473028b724fcd4431a5128.exe
- Size
  
  2.6MB
- MD5
  
  4f0a0a77c8473028b724fcd4431a5128
- SHA1
  
  af1705bf6b02cb0ccc703ebaa55c4ea8c07cb968
- SHA256
  
  7c0217b4f09d7b5eb5a087c45aed6d13fca45ec3be6e32df510a9ad9a71d6c1a
- SHA512
  
  cc11e25588c72f9fed049c8b082dbe13a945b988b397ce9762b486b5c0da1cb1a2c93b5af441a13f3790556b35ccb20e4b9a750d8cb387c88a6934ea9243ef68
- SSDEEP
  
  49152:OUK2oQKwtABwKO+0QIvoY3jFx3KNQ8qd28ZaQcULQ45i+PynH4L:OaoQXKfNNYzbaNEdZSeTynY
Score

10^/10

dcrat infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

dcratinfostealerrat

behavioral2

dcratinfostealerrat

© 2018-2024

Terms | Privacy