dcrat | 48cead232045bf8ed6d8dbca3e2072be474fd74ad8901e7a3febe44a9315e5c1 | Triage

Submit
Reports

Overview

overview

Static

static

3

physmeme.exe

windows10-2004-x64

Sharing

General

Target

physmeme.exe
Size

2.1MB
Sample

241105-jnyz8szmfq
MD5

e0216529a1eaed9f919e40074ca84f33
SHA1

3c2c9e6fc0e096b8aba3c96b3c23431a8aa17cc8
SHA256

48cead232045bf8ed6d8dbca3e2072be474fd74ad8901e7a3febe44a9315e5c1
SHA512

e03c5823c27b7f6b4b61ecd48a2ab1019da4e10d3de53965a183b03ef5ebdba07532d28e6284b51ceceb7fc4794719220038faccd5cb9d2a767dd82697a969df
SSDEEP

49152:IBJEYs0etiDFHKn8aDCIjT8hXnFd7kykcE:yeYDBQ8JIn8lFd7kykcE

Score

10^/10

dcrat discovery infostealer rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

physmeme.exe

Resource

win10v2004-20241007-en

dcrat discovery infostealer rat

windows10-2004-x64

22 signatures

600 seconds

Malware Config

Targets

- Target
  
  physmeme.exe
- Size
  
  2.1MB
- MD5
  
  e0216529a1eaed9f919e40074ca84f33
- SHA1
  
  3c2c9e6fc0e096b8aba3c96b3c23431a8aa17cc8
- SHA256
  
  48cead232045bf8ed6d8dbca3e2072be474fd74ad8901e7a3febe44a9315e5c1
- SHA512
  
  e03c5823c27b7f6b4b61ecd48a2ab1019da4e10d3de53965a183b03ef5ebdba07532d28e6284b51ceceb7fc4794719220038faccd5cb9d2a767dd82697a969df
- SSDEEP
  
  49152:IBJEYs0etiDFHKn8aDCIjT8hXnFd7kykcE:yeYDBQ8JIn8lFd7kykcE
Score

10^/10

dcrat discovery infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Dcrat family
  dcrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dcratdiscoveryinfostealerrat

© 2018-2025

Terms | Privacy