dcrat | 3049dff59c007e4d95714d9e75a74a50e0ce1e012c0ea0e8dd0c4d457d99bf44

Analysis

max time kernel
134s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/08/2024, 15:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3049dff59c007e4d95714d9e75a74a50e0ce1e012c0ea0e8dd0c4d457d99bf44.exe
Size

2.4MB
MD5

7e92b919f0d413c201afd73a1206a471
SHA1

d232d9e8c0d0bac4706a9ed3fcfb0c29f3411bb3
SHA256

3049dff59c007e4d95714d9e75a74a50e0ce1e012c0ea0e8dd0c4d457d99bf44
SHA512

637be3540335aa36da564d41eafb1f57b3ae975f17d977905b72a90572bf7beda660187887600e36cb0f1ff579eaaa95d1d7de4ebbd24bccc70d8e75bf1e1260
SSDEEP

49152:YnKY/LDpwDbG4PgI8l0muhENyOdPazXijeJ38T:Yb/Lie4oaZhE4ipe+T

Score

10^/10

dcrat infostealer rat

Malware Config

Signatures

DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
rat infostealer dcrat

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

rat

resource	yara_rule
behavioral2/memory/748-1-0x0000000000780000-0x00000000009F4000-memory.dmp	dcrat

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
748	3049dff59c007e4d95714d9e75a74a50e0ce1e012c0ea0e8dd0c4d457d99bf44.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	748	3049dff59c007e4d95714d9e75a74a50e0ce1e012c0ea0e8dd0c4d457d99bf44.exe

C:\Users\Admin\AppData\Local\Temp\3049dff59c007e4d95714d9e75a74a50e0ce1e012c0ea0e8dd0c4d457d99bf44.exe
"C:\Users\Admin\AppData\Local\Temp\3049dff59c007e4d95714d9e75a74a50e0ce1e012c0ea0e8dd0c4d457d99bf44.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:748

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/748-0-0x00007FF9FAC73000-0x00007FF9FAC75000-memory.dmp

Filesize
8KB

Download
memory/748-1-0x0000000000780000-0x00000000009F4000-memory.dmp

Filesize
2.5MB

Download
memory/748-2-0x00007FF9FAC70000-0x00007FF9FB731000-memory.dmp

Filesize
10.8MB

Download
memory/748-3-0x000000001BB00000-0x000000001BB1C000-memory.dmp

Filesize
112KB

Download
memory/748-7-0x000000001BBC0000-0x000000001BC16000-memory.dmp

Filesize
344KB

Download
memory/748-8-0x000000001BB50000-0x000000001BB5C000-memory.dmp

Filesize
48KB

Download
memory/748-6-0x000000001BB40000-0x000000001BB48000-memory.dmp

Filesize
32KB

Download
memory/748-10-0x000000001BD10000-0x000000001BD22000-memory.dmp

Filesize
72KB

Download
memory/748-9-0x000000001BB60000-0x000000001BB68000-memory.dmp

Filesize
32KB

Download
memory/748-5-0x000000001BB20000-0x000000001BB36000-memory.dmp

Filesize
88KB

Download
memory/748-4-0x000000001BB70000-0x000000001BBC0000-memory.dmp

Filesize
320KB

Download
memory/748-12-0x000000001BC30000-0x000000001BC3C000-memory.dmp

Filesize
48KB

Download
memory/748-11-0x000000001C580000-0x000000001CAA8000-memory.dmp

Filesize
5.2MB

Download
memory/748-15-0x000000001BC60000-0x000000001BC68000-memory.dmp

Filesize
32KB

Download
memory/748-13-0x000000001BC40000-0x000000001BC48000-memory.dmp

Filesize
32KB

Download
memory/748-14-0x000000001BC50000-0x000000001BC5E000-memory.dmp

Filesize
56KB

Download
memory/748-17-0x00007FF9FAC70000-0x00007FF9FB731000-memory.dmp

Filesize
10.8MB

Download