dcrat | 759d8cc4f58b382d5e17a9744bc7b86781dd58704af341bcc9e7e859a81303fe

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
31-05-2024 21:43

Target

80d60545521be47b95c73a6779ef90e0NeikiAnalytics.exe
Size

2.0MB
MD5

80d60545521be47b95c73a6779ef90e0
SHA1

b34fb298ad999c5f59cda130e84ff947f13cb052
SHA256

759d8cc4f58b382d5e17a9744bc7b86781dd58704af341bcc9e7e859a81303fe
SHA512

500f3cd1a907378fb08889ea5ac42dc044f471f230fe604fad6534c0b718a943c38ad1e05f13dae01430fee9b0ba00657dedca5ee24b638629753255ee0d66cb
SSDEEP

49152:zrYU+Yy4J8jao9UVlWAOjhRzsiYHjo++xTN:zdxVJC9UqRzsu+8N

Score

10^/10

DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
rat infostealer dcrat

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
behavioral1/memory/2208-1-0x0000000001070000-0x000000000127A000-memory.dmp	dcrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2208	80d60545521be47b95c73a6779ef90e0NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\80d60545521be47b95c73a6779ef90e0NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\80d60545521be47b95c73a6779ef90e0NeikiAnalytics.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2208

memory/2208-0-0x000007FEF5793000-0x000007FEF5794000-memory.dmp

Filesize
4KB

Download
memory/2208-1-0x0000000001070000-0x000000000127A000-memory.dmp

Filesize
2.0MB

Download
memory/2208-2-0x000007FEF5790000-0x000007FEF617C000-memory.dmp

Filesize
9.9MB

Download
memory/2208-3-0x0000000000140000-0x000000000014E000-memory.dmp

Filesize
56KB

Download
memory/2208-4-0x0000000000160000-0x000000000016E000-memory.dmp

Filesize
56KB

Download
memory/2208-5-0x000007FEF5790000-0x000007FEF617C000-memory.dmp

Filesize
9.9MB

Download