dcrat | 8fa01a318cce794c99a6891b2c5f9fdd76f29d9bd079e5425353c6fd22e019dd | Triage

Submit
Reports

Overview

overview

Static

static

4151805091...ec.exe

windows7-x64

4151805091...ec.exe

windows10-2004-x64

Sharing

General

Target

fb027065b10cd311473a1a7e5aa24005.bin
Size

993KB
Sample

241117-ca46rsxpex
MD5

a3bca3fd17591a3d40d9ed245017f531
SHA1

9969abbd36148b772b1f6c1cc960e9750f2d2af6
SHA256

8fa01a318cce794c99a6891b2c5f9fdd76f29d9bd079e5425353c6fd22e019dd
SHA512

e5e593a430e7a44622a657b447bac87f24cea9efa67f1b05327e37a21c6e07a07e7e8ee0f4da191465db5aab739ecee910f9715e69cf5d1fd90121eccc53d052
SSDEEP

24576:z7rr5iA4f64hEXjn50hrmfGRPV15j9TZ9W4pNVK9TwhtLHDepAL:905EXN0kfGv+YtLDepAL

Score

10^/10

dcrat discovery infostealer rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

4151805091b50f779143ce5b0782bbcfcbd9e471c81f6ab644f4e45dd064e2ec.exe

Resource

win7-20240903-en

dcrat discovery infostealer rat

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

4151805091b50f779143ce5b0782bbcfcbd9e471c81f6ab644f4e45dd064e2ec.exe

Resource

win10v2004-20241007-en

dcrat discovery infostealer rat

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  4151805091b50f779143ce5b0782bbcfcbd9e471c81f6ab644f4e45dd064e2ec.exe
- Size
  
  1.5MB
- MD5
  
  fb027065b10cd311473a1a7e5aa24005
- SHA1
  
  91fec287f958e62ce18fc1342b7f33ebd35cf0be
- SHA256
  
  4151805091b50f779143ce5b0782bbcfcbd9e471c81f6ab644f4e45dd064e2ec
- SHA512
  
  e21f788281896c9363df1e0e34c6dc11b06aa9bd9c0d5d40bae5427b4f134bffe3a9cc546e0577159d0ba6f37ecba68c49d5bfde37eaf1b1beac36abc8cdaada
- SSDEEP
  
  24576:U2G/nvxW3Ww0t2ciMa06q2YpE2yA/DFPxuBWBZCAO:UbA3021eyAbNMBWBch
Score

10^/10

dcrat discovery infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Dcrat family
  dcrat
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dcratdiscoveryinfostealerrat

behavioral2

dcratdiscoveryinfostealerrat

© 2018-2024

Terms | Privacy