dcrat | e4553879ba20a82e36da049c0222a53960c0e66b4276166caf896e78bf91787a | Triage

Submit
Reports

Overview

overview

Static

static

1b3401b980...0N.exe

windows7-x64

1b3401b980...0N.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

1b3401b9808d6317bedeeee1e11fe670N.exe
Size

547KB
Sample

240814-l4hdja1dlp
MD5

1b3401b9808d6317bedeeee1e11fe670
SHA1

29e89485456344805d4d26f97ef39b6c692486fd
SHA256

e4553879ba20a82e36da049c0222a53960c0e66b4276166caf896e78bf91787a
SHA512

cff17c6321fc2d1ace0c98fdcbf8b06a2a7677525c7f42f271649f8dd5c70f2e86985e0091b1cec65e5651729b09fbde41cb607bc9472247f4e31939e520f8d8
SSDEEP

12288:RG2N7k4NxZU4TP1gCdx6g8q+yq8ZLfEPI9iTO1x:RG2jDBP1Hx6bIgK

Score

10^/10

dcrat infostealer rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

1b3401b9808d6317bedeeee1e11fe670N.exe

Resource

win7-20240708-en

dcrat infostealer rat

windows7-x64

12 signatures

120 seconds

Behavioral task

behavioral2

Sample

1b3401b9808d6317bedeeee1e11fe670N.exe

Resource

win10v2004-20240802-en

dcrat infostealer rat

windows10-2004-x64

13 signatures

120 seconds

Malware Config

Targets

- Target
  
  1b3401b9808d6317bedeeee1e11fe670N.exe
- Size
  
  547KB
- MD5
  
  1b3401b9808d6317bedeeee1e11fe670
- SHA1
  
  29e89485456344805d4d26f97ef39b6c692486fd
- SHA256
  
  e4553879ba20a82e36da049c0222a53960c0e66b4276166caf896e78bf91787a
- SHA512
  
  cff17c6321fc2d1ace0c98fdcbf8b06a2a7677525c7f42f271649f8dd5c70f2e86985e0091b1cec65e5651729b09fbde41cb607bc9472247f4e31939e520f8d8
- SSDEEP
  
  12288:RG2N7k4NxZU4TP1gCdx6g8q+yq8ZLfEPI9iTO1x:RG2jDBP1Hx6bIgK
Score

10^/10

dcrat infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dcratinfostealerrat

behavioral2

dcratinfostealerrat

© 2018-2025

Terms | Privacy