dcrat | 3e69bb7839c9d2ed8a2a852368b2bb46df43b122afc535a035438ada17319624 | Triage

Submit
Reports

Overview

overview

Static

static

da865b816d...dd.exe

windows7-x64

da865b816d...dd.exe

windows10-2004-x64

Sharing

General

Target

3e69bb7839c9d2ed8a2a852368b2bb46df43b122afc535a035438ada17319624
Size

415KB
Sample

240417-rjl4wabc98
MD5

3ee8e994dbbbedee99e431923d0f3b6a
SHA1

b013060d351aba478b7adb758f823c35c24611b4
SHA256

3e69bb7839c9d2ed8a2a852368b2bb46df43b122afc535a035438ada17319624
SHA512

f4fa0a2e7b2ebe157f5d1cf38d0feaaccc37a9f414736ac2c8f8ff570e52b5be49b0940b25bdda3e9cb16a592f6a0b9aed040724c50782b37fe9973139f4e848
SSDEEP

12288:G9nRy9QqXYEGcHWQNA4KQ4pHaGW8YzoHe9jvHeCGp:G9Ry9bdHzAe4oGW8J+9jg

Score

10^/10

dcrat infostealer rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

da865b816dc5ccc8c66733b1f897b3f986d6c14f09bcb481641fd6e5aeeb37dd.exe

Resource

win7-20240221-en

dcrat infostealer rat

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

da865b816dc5ccc8c66733b1f897b3f986d6c14f09bcb481641fd6e5aeeb37dd.exe

Resource

win10v2004-20240412-en

dcrat infostealer rat

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  da865b816dc5ccc8c66733b1f897b3f986d6c14f09bcb481641fd6e5aeeb37dd.exe
- Size
  
  827KB
- MD5
  
  14f7828985000bd40f50f7b7f7f3593c
- SHA1
  
  a41a27e60aed63ad527981008eb611b3e4719963
- SHA256
  
  da865b816dc5ccc8c66733b1f897b3f986d6c14f09bcb481641fd6e5aeeb37dd
- SHA512
  
  4c2295b4a367179106eb784991eec8ec3fb8fde3622a394a9842b8a32b566a3ddc05578602d46460c7bb8d12f19844f94115451d405ff80cbfcaf7f6a0192ea1
- SSDEEP
  
  12288:h6kjJNrGvbVpOUnzbpQ4Gkppi4eladliylxtXDwjA:h6kqvbVFpQ4GLqiyljDwjA
Score

10^/10

dcrat infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

dcratinfostealerrat

behavioral2

dcratinfostealerrat

© 2018-2024

Terms | Privacy