dcrat | e8d72180bb28f49479a739e9c1b22aad02809cac77a7cb2fdc0c70ad7dcd89a1 | Triage

Submit
Reports

Overview

overview

Static

static

e19c34aa62...85.exe

windows7-x64

e19c34aa62...85.exe

windows10-2004-x64

Sharing

General

Target

e8d72180bb28f49479a739e9c1b22aad02809cac77a7cb2fdc0c70ad7dcd89a1
Size

413KB
Sample

240417-r337haea7w
MD5

b675cb3a3a00359c42031dec7ef01b98
SHA1

bf9e7c879431159a7a458e8e0fed979ac12caa3e
SHA256

e8d72180bb28f49479a739e9c1b22aad02809cac77a7cb2fdc0c70ad7dcd89a1
SHA512

d364aa8693da069eb28d786db1f96e6609f4478c7827e9b4c578f37cba5c5be646ef02d4dd6e72dfdc9742d0c8f621cec957e9ea7515e219e65248b8bacb6a3e
SSDEEP

6144:0VTCqisFLVoQ9LBBOQxmyrBxcaxCm2N0gDNX2fM2OdPs7GGnmiYtOALvQxx:0VTCqBFLaUKyrBDUV0+BOGsmiYkhx

Score

10^/10

dcrat infostealer rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

e19c34aa6213dce5d659117b57ff1951822352d86ca4678d3aee8e30bb759a85.exe

Resource

win7-20240215-en

dcrat infostealer rat

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

e19c34aa6213dce5d659117b57ff1951822352d86ca4678d3aee8e30bb759a85.exe

Resource

win10v2004-20240412-en

dcrat infostealer rat

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  e19c34aa6213dce5d659117b57ff1951822352d86ca4678d3aee8e30bb759a85.exe
- Size
  
  829KB
- MD5
  
  5fc7d1990c73a740b751bf56372ede24
- SHA1
  
  a67df2b9b70bde79b10984209ff72fc7f392bead
- SHA256
  
  e19c34aa6213dce5d659117b57ff1951822352d86ca4678d3aee8e30bb759a85
- SHA512
  
  a5ab4f5bb06bdcec7e510142fa0ffc0ed12b930d4f734d8077e94da8e7b0a83dcaadad692238b0154e2a7ad867e1929751f3845573f631831cae401cdc50b0ce
- SSDEEP
  
  12288:6uhjddulmD/pIvCfmujIPAvuC/q4YeUzGmpuGlehx8r+/F:7zulmfmujIYvuWq4Y1zGkuGUIqt
Score

10^/10

dcrat infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

dcratinfostealerrat

behavioral2

dcratinfostealerrat

© 2018-2024

Terms | Privacy