dcrat | 8b72c7dce8c76cc75eb19390ca84dc43a2c8e47eb627b9894e534be9328e9ecc | Triage

Submit
Reports

Overview

overview

Static

static

7a1a339724...2e.exe

windows7-x64

7a1a339724...2e.exe

windows10-2004-x64

Sharing

General

Target

759b333fd8d1eedb5666fdea1da25b25.bin
Size

415KB
Sample

241029-btlcbsscnn
MD5

22266979e3162c41283242efe48eb630
SHA1

fb6528e2ffda56b21b0bdf9b680f6aa3d5665de4
SHA256

8b72c7dce8c76cc75eb19390ca84dc43a2c8e47eb627b9894e534be9328e9ecc
SHA512

b1a2e06c92bba450c3fb1dd9765daddf2bb678b0c87b6a8dc8395399322ea2367e4c671486f27a0bae6482be51a1c88a236081feeb90fc1498b46fb9da81f11d
SSDEEP

12288:8JSMSsl+Vch83kEUUaQDlYzOn5NREshlXMUJBD6fVGz:8LGch83jUYDyzOn5ld6fVGz

Score

10^/10

dcrat infostealer rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

7a1a3397249836cac73c5f104211fb6cbb2317c830c148a65acb709210aadd2e.exe

Resource

win7-20241010-en

dcrat infostealer rat

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

7a1a3397249836cac73c5f104211fb6cbb2317c830c148a65acb709210aadd2e.exe

Resource

win10v2004-20241007-en

dcrat infostealer rat

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  7a1a3397249836cac73c5f104211fb6cbb2317c830c148a65acb709210aadd2e.exe
- Size
  
  827KB
- MD5
  
  759b333fd8d1eedb5666fdea1da25b25
- SHA1
  
  b66fc861196561f793062622b88cdb1065e35459
- SHA256
  
  7a1a3397249836cac73c5f104211fb6cbb2317c830c148a65acb709210aadd2e
- SHA512
  
  831006157773f5a30dbf07dcbfd484f49a978c077f8e132d33c8e044f8141462bb890c344724b23c3144488c1c406d576b7009c1205772a503ce6cc92692aec3
- SSDEEP
  
  12288:M+B2ad7F/Jf2xm1/nNfkOV+0Z3+5DlpAXdet4y5+q:gad7PuxmRn60Zu7xtZp
Score

10^/10

dcrat infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Dcrat family
  dcrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dcratinfostealerrat

behavioral2

dcratinfostealerrat

© 2018-2024

Terms | Privacy