General

  • Target

    DCRatBuild.exe

  • Size

    1.1MB

  • Sample

    240613-2ttltatfla

  • MD5

    4c40088e4f1835614a5a1088056699e2

  • SHA1

    4b78a9fad74e75b67cb6626679166f611171a161

  • SHA256

    e51f8d90fb3698bd568b693c41927bdee20c799e823bd4630a061454d3264309

  • SHA512

    2717db3fa71493bfee3acb5b6a40a15ba5f9522be230ac5376f1317b964cc29050d84b9bdd2a84066d9d7b96cbcd7f73faebfad3d21b2a8172c548b4c1a8f685

  • SSDEEP

    24576:U2G/nvxW3Ww0t2onGju9hMij7DTA9LX9GmN6ya4+o:UbA30Vd9aqM9Lbai

Score
10/10

Targets

    • Target

      DCRatBuild.exe

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL
