dcrat | 6ac3d59d497f8e48d23d023b308bb2bc2d524e37c0175849cfead05c96e097af | Triage

Submit
Reports

Overview

overview

Static

static

9aec290016...18.exe

windows7-x64

9aec290016...18.exe

windows10-2004-x64

Sharing

General

Target

9aec290016ad674b1809b9359b200689_JaffaCakes118
Size

654KB
Sample

241125-mh85ssyldn
MD5

9aec290016ad674b1809b9359b200689
SHA1

6865e7cb350b1456c85db787797487901b8b22f8
SHA256

6ac3d59d497f8e48d23d023b308bb2bc2d524e37c0175849cfead05c96e097af
SHA512

2e4ae500367adbd3bff927bdd3a843cf7bab2c2c8d2a41d215109dde42b8e2d9c250bedef42cd8733fb599111682351615b72b9baf686725dda338ea426b5aca
SSDEEP

12288:NqnO1RR3IiZDFN7/lFTSvejX9n/RXQaXYNPtBWa:N+O1DZFB/laeBpc

Score

10^/10

dcrat discovery infostealer rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

9aec290016ad674b1809b9359b200689_JaffaCakes118.exe

Resource

win7-20240903-en

dcrat discovery infostealer rat

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

9aec290016ad674b1809b9359b200689_JaffaCakes118.exe

Resource

win10v2004-20241007-en

dcrat infostealer rat

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  9aec290016ad674b1809b9359b200689_JaffaCakes118
- Size
  
  654KB
- MD5
  
  9aec290016ad674b1809b9359b200689
- SHA1
  
  6865e7cb350b1456c85db787797487901b8b22f8
- SHA256
  
  6ac3d59d497f8e48d23d023b308bb2bc2d524e37c0175849cfead05c96e097af
- SHA512
  
  2e4ae500367adbd3bff927bdd3a843cf7bab2c2c8d2a41d215109dde42b8e2d9c250bedef42cd8733fb599111682351615b72b9baf686725dda338ea426b5aca
- SSDEEP
  
  12288:NqnO1RR3IiZDFN7/lFTSvejX9n/RXQaXYNPtBWa:N+O1DZFB/laeBpc
Score

10^/10

dcrat discovery infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Dcrat family
  dcrat
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dcratdiscoveryinfostealerrat

behavioral2

dcratinfostealerrat

© 2018-2025

Terms | Privacy