dcrat | 94856a3718b2e959b2ba1dc09a859ce43e4bdee0672f7d90e51803a6efdc6907 | Triage

Submit
Reports

Overview

overview

Static

static

3

PizDec.exe

windows10-2004-x64

Sharing

General

Target

PizDec.exe
Size

1.4MB
Sample

240425-jtdaqagh99
MD5

f179fb92462522adcec42ba2f679d9e0
SHA1

0bc06ea16957413a0b8f1b09da991ce28da0ac90
SHA256

94856a3718b2e959b2ba1dc09a859ce43e4bdee0672f7d90e51803a6efdc6907
SHA512

bf9681d14574a5a832b1a43adfae43e91dbeed7c508d94dc01a1f90317bf95d5eaf3ddf40bc31e603c35b848a010417e708f149cc597e13f114f10f11535ccda
SSDEEP

24576:FecDOoLgMyVXXDZTTFUv8E344zmuWhzlHF+O1U3FFmMI0WVOfhufIQrkdPx:IcPpy5z5hUvVoolWpf1sFFm1XVOpufI5

Score

10^/10

dcrat infostealer rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

PizDec.exe

Resource

win10v2004-20240226-en

dcrat infostealer rat

windows10-2004-x64

19 signatures

1800 seconds

Malware Config

Targets

- Target
  
  PizDec.exe
- Size
  
  1.4MB
- MD5
  
  f179fb92462522adcec42ba2f679d9e0
- SHA1
  
  0bc06ea16957413a0b8f1b09da991ce28da0ac90
- SHA256
  
  94856a3718b2e959b2ba1dc09a859ce43e4bdee0672f7d90e51803a6efdc6907
- SHA512
  
  bf9681d14574a5a832b1a43adfae43e91dbeed7c508d94dc01a1f90317bf95d5eaf3ddf40bc31e603c35b848a010417e708f149cc597e13f114f10f11535ccda
- SSDEEP
  
  24576:FecDOoLgMyVXXDZTTFUv8E344zmuWhzlHF+O1U3FFmMI0WVOfhufIQrkdPx:IcPpy5z5hUvVoolWpf1sFFm1XVOpufI5
Score

10^/10

dcrat infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

dcratinfostealerrat

© 2018-2024

Terms | Privacy