dcrat | 7cb010b8c0805d0391455aaa2262d076a65a92c0f1a9966daff50a109c44eb53 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Debug.zip
Size

321KB
Sample

241110-a3r1sswarn
MD5

812f6da08f701dc5808305efe08493d1
SHA1

dd766c9fea76656600b8076971b0cbf32dffb744
SHA256

7cb010b8c0805d0391455aaa2262d076a65a92c0f1a9966daff50a109c44eb53
SHA512

93887aec4bdc0e6ccfc20959a5776d717de63c8946708377407eaac47415db01e5b856a494c133ec8bf5496370de07e6d06b465a94af7da6cd9e4c2434869904
SSDEEP

6144:32DabTTc8e/FAmCwNpARSRRIZjF0GEyt0iGxHD4tQyT1Y/vAScu6:3iab88e/FAmCwTIZjeyKiGZcuoOvASk

Score

10^/10

dcrat discovery execution infostealer rat

Malware Config

Targets

- Target
  
  Debug/ICSharpCode.AvalonEdit.dll
- Size
  
  598KB
- MD5
  
  b6142f182a86adf382ea845935a327bc
- SHA1
  
  841367a389b4df1207224a26f9e201e593d551d1
- SHA256
  
  7225253a9ca59db879340f9ea8ee4f48006ceadf878d04b446522007fbe3ebb3
- SHA512
  
  a5e4941409b4b06fdf44ec5ebfb5d99cec47b1f348e266e7dc20254e5465deb1abf60d67092b5aa1bd14f52d637b52b380382f838d601b0f3734ea5a406fb068
- SSDEEP
  
  6144:m7zJDqOpyhu6XzDnHYRdioOfP/5GvVTBz/xz0z77OxRmvdM+lNsjXU+9NKsTLO0l:C/9R9VONf
Score

1^/10
behavioral1
- Target
  
  Debug/WpfApp4.exe
- Size
  
  24KB
- MD5
  
  46772c9bf3952208d085c6d0f6bbf1e2
- SHA1
  
  3a71299888fd14a050320ec152ae9b3021e44ff7
- SHA256
  
  22726e9c072a5341faba88ce1094a9c5b04d638a975461442f180e0baa131ada
- SHA512
  
  d023618959875cc62625494d113b9c74c62b01fd7eeb6f186efa9cbe00a63be8d4184dc78f5772d9c9025c34b16cd3c9a716dd4bd6e9f55ed22a132fec929d47
- SSDEEP
  
  384:FHrXOh5A2gRcwKnygBFILmrkgZCkRIHe5qI9AOaOCMirW0rEt0:gIqukRIHesOaOCM+WV0
Score

10^/10

dcrat discovery infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Dcrat family
  dcrat
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral2
- Target
  
  Debug/scripts/Inf Yield.lua
- Size
  
  464KB
- MD5
  
  54c073548e30660a28863bd2b4ac957c
- SHA1
  
  ae639df13d0ceabb6a23f7fba4d7c9f21eee5da3
- SHA256
  
  1f472d8b1cdd5196c1d5883cbe68a6371544f981952dab2723b79af9e593f029
- SHA512
  
  ff8b70f98c2fe80e85ea0883f1fa98fb24ab6975a84b3b4fe8de012133abf5e0a0eee7bf95021d0201877a3d6c378666d71be93ab9011ecfff7595193345d6a6
- SSDEEP
  
  6144:OkrLwE7/pSTtOWFhzWtRNY9gIBuQulO7oFo5n4Xd9wDhoQhGZtUi8/1j304U48uH:OkrLwELW/6NYQFOn4Xyipo
Score

3^/10

execution
behavioral3
- Target
  
  Debug/scripts/Unc Test.lua
- Size
  
  28KB
- MD5
  
  b76726d10354343d9af5c268e40b47c4
- SHA1
  
  7103c78071be0c65c8b3a217168cf7909aef748e
- SHA256
  
  e8d53406c916b8e827c65c8f00d8a18b1379e693fd0379e8116e749bdf860cf5
- SHA512
  
  5caffd8a06058e890fe4ae35430539281cf53fa791221189f0f6660778a83fa42cc3e5374ce06ff325420d92006c2bfe1003f1486714e889964075da66b046eb
- SSDEEP
  
  768:JopEYRzOKMrGrE7BWf9r+T+f9TkIuP4hUUsbU8FqQFBF5UXzRFEe3cSG5Sg/i5rx:JEKcZuy9p
Score

3^/10

execution
behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

dcratdiscoveryinfostealerrat

behavioral3

behavioral4