dcrat | cb9d8ee783ab69f0ddb033187681264686982a82d82a09794fea1b6de7fea3a0 | Triage

Submit
Reports

Overview

overview

Static

static

3

cb9d8ee783...0N.exe

windows7-x64

cb9d8ee783...0N.exe

windows10-2004-x64

Sharing

General

Target

cb9d8ee783ab69f0ddb033187681264686982a82d82a09794fea1b6de7fea3a0N.exe
Size

1.6MB
Sample

241117-wtawtavlet
MD5

a9ccc8eefd0a09f70dc9e929fd7d3f20
SHA1

594a474233d4462cbaeabe4fca98e6869e9efff2
SHA256

cb9d8ee783ab69f0ddb033187681264686982a82d82a09794fea1b6de7fea3a0
SHA512

91781525d2c54f101d8ba898af7f4f95c3d412bc0fd3793675b2fac4c598219234b6d0acee3d4f27016a424884615c410be644b1e563db1d102b99a8f92b9f27
SSDEEP

24576:Wr3+VTI7YmAX6LGRwQHly8XIrDExXGLwiDZ1G/MdeZ75+mHxeipjsRn6Nil:WUS9ZDExWNtM/MdeZ77ej6c

Score

10^/10

dcrat discovery infostealer rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

cb9d8ee783ab69f0ddb033187681264686982a82d82a09794fea1b6de7fea3a0N.exe

Resource

win7-20241010-en

dcrat discovery infostealer rat

windows7-x64

10 signatures

120 seconds

Behavioral task

behavioral2

Sample

cb9d8ee783ab69f0ddb033187681264686982a82d82a09794fea1b6de7fea3a0N.exe

Resource

win10v2004-20241007-en

dcrat discovery infostealer rat

windows10-2004-x64

12 signatures

120 seconds

Malware Config

Targets

- Target
  
  cb9d8ee783ab69f0ddb033187681264686982a82d82a09794fea1b6de7fea3a0N.exe
- Size
  
  1.6MB
- MD5
  
  a9ccc8eefd0a09f70dc9e929fd7d3f20
- SHA1
  
  594a474233d4462cbaeabe4fca98e6869e9efff2
- SHA256
  
  cb9d8ee783ab69f0ddb033187681264686982a82d82a09794fea1b6de7fea3a0
- SHA512
  
  91781525d2c54f101d8ba898af7f4f95c3d412bc0fd3793675b2fac4c598219234b6d0acee3d4f27016a424884615c410be644b1e563db1d102b99a8f92b9f27
- SSDEEP
  
  24576:Wr3+VTI7YmAX6LGRwQHly8XIrDExXGLwiDZ1G/MdeZ75+mHxeipjsRn6Nil:WUS9ZDExWNtM/MdeZ77ej6c
Score

10^/10

dcrat discovery infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Dcrat family
  dcrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dcratdiscoveryinfostealerrat

behavioral2

dcratdiscoveryinfostealerrat

© 2018-2024

Terms | Privacy