dcrat | e67db40f7067f297f30456b72319fe2c2e45bb674da5249a177fb56e9e4b5e21

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08-11-2024 05:29

Target

e67db40f7067f297f30456b72319fe2c2e45bb674da5249a177fb56e9e4b5e21.exe
Size

2.0MB
MD5

af127315dc7d02567c4f94b0e08011f2
SHA1

48e50bb2a141a7efe3b119f91bd33841df450055
SHA256

e67db40f7067f297f30456b72319fe2c2e45bb674da5249a177fb56e9e4b5e21
SHA512

d0d086e9d6e72637f56d69983b7d067e4d0a20729aafff44b72517032a80b3943737e0e645044a51d7f060f6cdb4e38a0fd8e12c72339bf7818be668cabd16d4
SSDEEP

49152:dpEYPUUpXKs7cnhyvc16K7bV9+UpbCpR2aAY:dpEYcOT7chwqB7bCpRJA

Score

10^/10

DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
rat infostealer dcrat
Dcrat family
dcrat

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
behavioral1/memory/2256-1-0x0000000000C80000-0x0000000000E8A000-memory.dmp	dcrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2256	e67db40f7067f297f30456b72319fe2c2e45bb674da5249a177fb56e9e4b5e21.exe

C:\Users\Admin\AppData\Local\Temp\e67db40f7067f297f30456b72319fe2c2e45bb674da5249a177fb56e9e4b5e21.exe
"C:\Users\Admin\AppData\Local\Temp\e67db40f7067f297f30456b72319fe2c2e45bb674da5249a177fb56e9e4b5e21.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2256

memory/2256-0-0x000007FEF57F3000-0x000007FEF57F4000-memory.dmp

Filesize
4KB

Download
memory/2256-1-0x0000000000C80000-0x0000000000E8A000-memory.dmp

Filesize
2.0MB

Download
memory/2256-2-0x000007FEF57F0000-0x000007FEF61DC000-memory.dmp

Filesize
9.9MB

Download
memory/2256-3-0x0000000000550000-0x000000000055E000-memory.dmp

Filesize
56KB

Download
memory/2256-4-0x0000000000560000-0x000000000056E000-memory.dmp

Filesize
56KB

Download
memory/2256-5-0x000007FEF57F0000-0x000007FEF61DC000-memory.dmp

Filesize
9.9MB

Download