dcrat | 76cfbc29e7ce11477e4f0d49cdbaea8f82873235b27e486aa3e8361a3c6ddf91 | Triage

Submit
Reports

Overview

overview

Static

static

f72080d385...18.exe

windows7-x64

f72080d385...18.exe

windows10-2004-x64

Sharing

General

Target

f72080d3853ae95c1ec0bdb18abd6356_JaffaCakes118
Size

1.8MB
Sample

240418-dmaclahd25
MD5

f72080d3853ae95c1ec0bdb18abd6356
SHA1

e1b9940d87d318d4e8bcfcc74ab2c64e647db3e6
SHA256

76cfbc29e7ce11477e4f0d49cdbaea8f82873235b27e486aa3e8361a3c6ddf91
SHA512

309d110070ec078b549ecc1e86bfcc14e4e393b2bf75e36a5c3e35759d558becd3a62c7d77e6d4d8dfa90a608ac2b3c0e1b8479d6e06cb2673b054779eb4568b
SSDEEP

24576:H2G/nvxW3Wwbi2azZP+9QghAKEeOj+0DfbN23bdUtF2tYGtLhbg3L5ym3i+4F:HbA36xMiCAKsNk3qPVGw5HlY

Score

10^/10

dcrat infostealer rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

f72080d3853ae95c1ec0bdb18abd6356_JaffaCakes118.exe

Resource

win7-20240221-en

dcrat infostealer rat

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

f72080d3853ae95c1ec0bdb18abd6356_JaffaCakes118.exe

Resource

win10v2004-20240412-en

dcrat infostealer rat

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  f72080d3853ae95c1ec0bdb18abd6356_JaffaCakes118
- Size
  
  1.8MB
- MD5
  
  f72080d3853ae95c1ec0bdb18abd6356
- SHA1
  
  e1b9940d87d318d4e8bcfcc74ab2c64e647db3e6
- SHA256
  
  76cfbc29e7ce11477e4f0d49cdbaea8f82873235b27e486aa3e8361a3c6ddf91
- SHA512
  
  309d110070ec078b549ecc1e86bfcc14e4e393b2bf75e36a5c3e35759d558becd3a62c7d77e6d4d8dfa90a608ac2b3c0e1b8479d6e06cb2673b054779eb4568b
- SSDEEP
  
  24576:H2G/nvxW3Wwbi2azZP+9QghAKEeOj+0DfbN23bdUtF2tYGtLhbg3L5ym3i+4F:HbA36xMiCAKsNk3qPVGw5HlY
Score

10^/10

dcrat infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

dcratinfostealerrat

behavioral2

dcratinfostealerrat

© 2018-2024

Terms | Privacy