General

  • Target

    DCRatBuild.exe

  • Size

    1.1MB

  • Sample

    240529-xnzhnaeb7y

  • MD5

    ed28cd72bd062691757acefb381dd6c8

  • SHA1

    7fe7902e560b476b7e23d9ebcadde3ba8a7e0ec0

  • SHA256

    f90400299ddff091af50c2a7c46454e35e6a4b01a876096a0e180d1aabb68e9c

  • SHA512

    19912e8f60538c0d2e8b7e5a7c77c6efc38b1bf0f7e250cfc2e5062306f4d9c7942f6e0d627ab0c63a5f632915775bf81ec22a2a433fffe9c385671d742f578d

  • SSDEEP

    24576:U2G/nvxW3Ww0ts/KUfphyGlQWsNzEdH41SGZd:UbA30s/fLsNOPGD

Score
10/10

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
