dcrat | f6fffabc85ab9bfd39576690b7107ddc421d458f6021a754a0b69969ba6e51cf | Triage

Submit
Reports

Overview

overview

Static

static

f6fffabc85...fN.exe

windows7-x64

f6fffabc85...fN.exe

windows10-2004-x64

Sharing

General

Target

f6fffabc85ab9bfd39576690b7107ddc421d458f6021a754a0b69969ba6e51cfN
Size

1.2MB
Sample

241107-lya29szfkg
MD5

d3b579a658327ea6b0b270989961d4a0
SHA1

4f973046dd649eb484960bb5decdcb1854eb759a
SHA256

f6fffabc85ab9bfd39576690b7107ddc421d458f6021a754a0b69969ba6e51cf
SHA512

0ed2079276cef4e973e2b0166f4f57ce124c43d2d866a772c78a8a801458256fdb1d233cb0a047dd2e8ee6b09ab66505f75073ed241f73f9944d14078b5d4468
SSDEEP

24576:v+r+6mj4wnm4qDfidSA440wOkTM5lcQANNVRIQPc2UWab:v++6mJqDuQd52QANNVRIQ8

Score

10^/10

dcrat infostealer rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

f6fffabc85ab9bfd39576690b7107ddc421d458f6021a754a0b69969ba6e51cfN.exe

Resource

win7-20240903-en

dcrat infostealer rat

windows7-x64

12 signatures

120 seconds

Behavioral task

behavioral2

Sample

f6fffabc85ab9bfd39576690b7107ddc421d458f6021a754a0b69969ba6e51cfN.exe

Resource

win10v2004-20241007-en

dcrat infostealer rat

windows10-2004-x64

14 signatures

120 seconds

Malware Config

Targets

- Target
  
  f6fffabc85ab9bfd39576690b7107ddc421d458f6021a754a0b69969ba6e51cfN
- Size
  
  1.2MB
- MD5
  
  d3b579a658327ea6b0b270989961d4a0
- SHA1
  
  4f973046dd649eb484960bb5decdcb1854eb759a
- SHA256
  
  f6fffabc85ab9bfd39576690b7107ddc421d458f6021a754a0b69969ba6e51cf
- SHA512
  
  0ed2079276cef4e973e2b0166f4f57ce124c43d2d866a772c78a8a801458256fdb1d233cb0a047dd2e8ee6b09ab66505f75073ed241f73f9944d14078b5d4468
- SSDEEP
  
  24576:v+r+6mj4wnm4qDfidSA440wOkTM5lcQANNVRIQPc2UWab:v++6mJqDuQd52QANNVRIQ8
Score

10^/10

dcrat infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Dcrat family
  dcrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dcratinfostealerrat

behavioral2

dcratinfostealerrat

© 2018-2025

Terms | Privacy