dcrat | hxxps://goo[.]su/hw8j | Triage

Submit
Reports

Overview

overview

Static

static

1

URLScan

urlscan

1

https://goo.su/hw8j

windows11-21h2-x64

Sharing

General

Target

https://goo.su/hw8j
Sample

240420-q58z4aaa99

Score

10^/10

dcrat infostealer rat

Static task

static1

URLScan task

urlscan1

Behavioral task

behavioral1

Sample

https://goo.su/hw8j

Resource

win11-20240412-en

dcrat infostealer rat

windows11-21h2-x64

22 signatures

1800 seconds

Malware Config

Targets

- Target
  
  https://goo.su/hw8j
Score

10^/10

dcrat infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Executes dropped EXE
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

urlscan1

behavioral1

dcratinfostealerrat

© 2018-2024

Terms | Privacy