dcrat | 3b970ad4a44ed9e6417f49a9a998c7e901c70406e639a327301f2423971c4a1c | Triage

Submit
Reports

Overview

overview

Static

static

fa0e9e5559...00.exe

windows7-x64

fa0e9e5559...00.exe

windows10-2004-x64

Sharing

General

Target

a963ffef0ef9cfcee28853394947cb02.bin
Size

416KB
Sample

240426-bz4e4aha3x
MD5

00d422192ac691799a509125255937f0
SHA1

126e598292f4377bd07b53b0d79a9730e2c67aa2
SHA256

3b970ad4a44ed9e6417f49a9a998c7e901c70406e639a327301f2423971c4a1c
SHA512

2b79ea2db1d9529bded6406293b49f0beb567658071f53b5108ab0bd299c6e640d86246707c92cf2c938bdaf583c5111176b3f67b5c70db5a82069d23c7ee121
SSDEEP

12288:iw6bQL5FdAsOX4KweQXNp6sMo3pf8PYjGrzNfUOcbgfukkirohidf33Y8hhZ:iw6bQL7c4MbsRnjGNf6bg2kkeohi9Y8d

Score

10^/10

dcrat infostealer rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

fa0e9e5559910365f159a438c5b6ebc401dbdfe0e349a63c85f695d61a904500.exe

Resource

win7-20240221-en

dcrat infostealer rat

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

fa0e9e5559910365f159a438c5b6ebc401dbdfe0e349a63c85f695d61a904500.exe

Resource

win10v2004-20240412-en

dcrat infostealer rat

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  fa0e9e5559910365f159a438c5b6ebc401dbdfe0e349a63c85f695d61a904500.exe
- Size
  
  829KB
- MD5
  
  a963ffef0ef9cfcee28853394947cb02
- SHA1
  
  abc9d7df3e07b029aea7b065e9dbfa257b3e951c
- SHA256
  
  fa0e9e5559910365f159a438c5b6ebc401dbdfe0e349a63c85f695d61a904500
- SHA512
  
  52fd7e1567f8fce1cb758c2d818c5e977b5d45fbd932e9d0407850cedc1d872351c577ed7633ae77ca4a0262a0b585c3a8e7228e04bdd826a5c7f154c40ca5c1
- SSDEEP
  
  12288:1iIju1u8Y8wSiHDbgP+mg5IAbnOejZJyDGR5iVAN:bu1uawlDbs+mcISXQs5iVM
Score

10^/10

dcrat infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

dcratinfostealerrat

behavioral2

dcratinfostealerrat

© 2018-2024

Terms | Privacy