dcrat | 0993c5335a17f17141e1be3f1936fa420e69c33bebedcd39d01bc527f6cd7d96 | Triage

Submit
Reports

Overview

overview

Static

static

5614b417cc...43.exe

windows7-x64

5614b417cc...43.exe

windows10-2004-x64

Sharing

General

Target

5614b417cca4217b0a1a4a4a081f9f43.exe
Size

831KB
Sample

240823-ntfs3a1hkh
MD5

5614b417cca4217b0a1a4a4a081f9f43
SHA1

6597f30054da2fcea4f5c37121a0581b1a93781b
SHA256

0993c5335a17f17141e1be3f1936fa420e69c33bebedcd39d01bc527f6cd7d96
SHA512

bed2ed22e5759aa7d4beac74d0b3cfaf7a045c70dc3ab97c490b978a365b741fd6257a64cf3cdf3f0653febd1176cd5278e57347dbc11d55c9513aa2c7777e12
SSDEEP

12288:xmhMcbVbcxC9wcb8QyKJT2ediDP78OK1CALBuMOh7x:xmRVbcxCWKyKJT2Z4xi

Score

10^/10

dcrat infostealer rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

5614b417cca4217b0a1a4a4a081f9f43.exe

Resource

win7-20240729-en

dcrat infostealer rat

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

5614b417cca4217b0a1a4a4a081f9f43.exe

Resource

win10v2004-20240802-en

dcrat infostealer rat

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  5614b417cca4217b0a1a4a4a081f9f43.exe
- Size
  
  831KB
- MD5
  
  5614b417cca4217b0a1a4a4a081f9f43
- SHA1
  
  6597f30054da2fcea4f5c37121a0581b1a93781b
- SHA256
  
  0993c5335a17f17141e1be3f1936fa420e69c33bebedcd39d01bc527f6cd7d96
- SHA512
  
  bed2ed22e5759aa7d4beac74d0b3cfaf7a045c70dc3ab97c490b978a365b741fd6257a64cf3cdf3f0653febd1176cd5278e57347dbc11d55c9513aa2c7777e12
- SSDEEP
  
  12288:xmhMcbVbcxC9wcb8QyKJT2ediDP78OK1CALBuMOh7x:xmRVbcxCWKyKJT2Z4xi
Score

10^/10

dcrat infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

dcratinfostealerrat

behavioral2

dcratinfostealerrat

© 2018-2025

Terms | Privacy