Overview

overview

10

Static

static

3

DCRat.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    DCRat.exe

  • Size

    6.9MB

  • Sample

    240527-bkqwfsbh35

  • MD5

    00d9d8efbbc40085276b347014d676cb

  • SHA1

    2f170d5a165cb799ae6abca04995ac7a5f2db3ac

  • SHA256

    dec093070d245723af3d5a631e72b6ff1303b4e1a862b6edc95915cf8f863f9d

  • SHA512

    780cf48eeaafb2533ae49dc9515e33530b1a0c194da80275436ce5fd642b927e7e101c3fad9c4e0cc23ea30def9bd5c706252bff48d5c03e0a19e2d2aad80a89

  • SSDEEP

    196608:aUI3ljBj/NBM6I059onJ5hrZEnyiU8AdZYJERurTb:qVjBj1iw9c5hlEXAdZYygr/

Score
10/10
dcratdiscoveryinfostealerpyinstallerrat

Malware Config

Targets

    • Target

      DCRat.exe

    • Size

      6.9MB

    • MD5

      00d9d8efbbc40085276b347014d676cb

    • SHA1

      2f170d5a165cb799ae6abca04995ac7a5f2db3ac

    • SHA256

      dec093070d245723af3d5a631e72b6ff1303b4e1a862b6edc95915cf8f863f9d

    • SHA512

      780cf48eeaafb2533ae49dc9515e33530b1a0c194da80275436ce5fd642b927e7e101c3fad9c4e0cc23ea30def9bd5c706252bff48d5c03e0a19e2d2aad80a89

    • SSDEEP

      196608:aUI3ljBj/NBM6I059onJ5hrZEnyiU8AdZYJERurTb:qVjBj1iw9c5hlEXAdZYygr/

    Score
    10/10
    dcratdiscoveryinfostealerrat

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

      ratinfostealerdcrat

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

      discovery
    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

1
T1222

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks