dcrat | 14d3c791fbdb14120500093e49fa25a23bd7e9fec3e8f7065e8df3a326359d22 | Triage

Submit
Reports

Overview

overview

Static

static

1182d9fec1...3e.exe

windows7-x64

1182d9fec1...3e.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

1182d9fec1b86ebb19739747de83243e.exe
Size

1.3MB
Sample

240708-kr54dsteke
MD5

1182d9fec1b86ebb19739747de83243e
SHA1

c187acb1a82c1e986b87cac0c34045fc4515a8f3
SHA256

14d3c791fbdb14120500093e49fa25a23bd7e9fec3e8f7065e8df3a326359d22
SHA512

fb9de8471b786844228f2c1c4d206f253767539347c999d2b7a37a9128eb2abd207e2f08a27afc853bdceee7bee4d92f7dec6d8db64c65d0d48fd3c014e4bb0b
SSDEEP

24576:kT3VQMmrjL/KL7168n0y2jKPkO/SLAYKR3ToqmE/kD4thm2:c6/yLv2OPkO/RYGeEuohm

Score

10^/10

dcrat infostealer rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

1182d9fec1b86ebb19739747de83243e.exe

Resource

win7-20240221-en

dcrat infostealer rat

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

1182d9fec1b86ebb19739747de83243e.exe

Resource

win10v2004-20240704-en

dcrat infostealer rat

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  1182d9fec1b86ebb19739747de83243e.exe
- Size
  
  1.3MB
- MD5
  
  1182d9fec1b86ebb19739747de83243e
- SHA1
  
  c187acb1a82c1e986b87cac0c34045fc4515a8f3
- SHA256
  
  14d3c791fbdb14120500093e49fa25a23bd7e9fec3e8f7065e8df3a326359d22
- SHA512
  
  fb9de8471b786844228f2c1c4d206f253767539347c999d2b7a37a9128eb2abd207e2f08a27afc853bdceee7bee4d92f7dec6d8db64c65d0d48fd3c014e4bb0b
- SSDEEP
  
  24576:kT3VQMmrjL/KL7168n0y2jKPkO/SLAYKR3ToqmE/kD4thm2:c6/yLv2OPkO/RYGeEuohm
Score

10^/10

dcrat infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

dcratinfostealerrat

behavioral2

dcratinfostealerrat

© 2018-2025

Terms | Privacy