dcrat | 4d904132b607fffcc8b3c537e7122cb0bec8303a7600d1bc454cfc6162dedd87 | Triage

Submit
Reports

Overview

overview

Static

static

DCRatBuild.exe

windows7-x64

DCRatBuild.exe

windows10-2004-x64

Sharing

General

Target

DCRatBuild.exe
Size

1.3MB
Sample

240612-z3zs3szhpe
MD5

439cb5cb55ef43db9a6bf3e7f5a7c41f
SHA1

fae1f5208d38d198c1c4abdee68b428c84336f11
SHA256

4d904132b607fffcc8b3c537e7122cb0bec8303a7600d1bc454cfc6162dedd87
SHA512

905bc57781b1950051103f67959df7d1b2ff53d7a773ea0730b80a2024bac0622c9301dd94910275d2a3a84be1c38585d4a0956c1ad17475d67167f523c7acd4
SSDEEP

24576:u2G/nvxW3WieCa57VWTeHT4RIQFy4zZHWdd05g18f:ubA3jaXFwIbd05g1+

Score

10^/10

dcrat infostealer rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

DCRatBuild.exe

Resource

win7-20240508-en

dcrat infostealer rat

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

DCRatBuild.exe

Resource

win10v2004-20240508-en

dcrat infostealer rat

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  DCRatBuild.exe
- Size
  
  1.3MB
- MD5
  
  439cb5cb55ef43db9a6bf3e7f5a7c41f
- SHA1
  
  fae1f5208d38d198c1c4abdee68b428c84336f11
- SHA256
  
  4d904132b607fffcc8b3c537e7122cb0bec8303a7600d1bc454cfc6162dedd87
- SHA512
  
  905bc57781b1950051103f67959df7d1b2ff53d7a773ea0730b80a2024bac0622c9301dd94910275d2a3a84be1c38585d4a0956c1ad17475d67167f523c7acd4
- SSDEEP
  
  24576:u2G/nvxW3WieCa57VWTeHT4RIQFy4zZHWdd05g18f:ubA3jaXFwIbd05g1+
Score

10^/10

dcrat infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dcratinfostealerrat

behavioral2

dcratinfostealerrat

© 2018-2025

Terms | Privacy