dcrat | 9d1cda19a05364d02903a407a68a85313dff6bf47a4f3b42e62d125a8bfae4b8 | Triage

Submit
Reports

Overview

overview

Static

static

adf5cb2ba4...18.exe

windows7-x64

adf5cb2ba4...18.exe

windows10-2004-x64

Sharing

General

Target

adf5cb2ba4e13eba254adea54ee6855d_JaffaCakes118
Size

768KB
Sample

241128-3w8des1lcn
MD5

adf5cb2ba4e13eba254adea54ee6855d
SHA1

00759c66c70ead273372cc31964f493105539704
SHA256

9d1cda19a05364d02903a407a68a85313dff6bf47a4f3b42e62d125a8bfae4b8
SHA512

c74b19c3be4bda23deb28ce880bf63751a2baa9cc8f15096187dab4c7a2bb2c01960b3e8baba364f076501fc6b9952932ccb4773d22c0ec4cd03fca54fd08ff7
SSDEEP

12288:QqnO6RZ6I3yp4AcLuLPoRTsJhHZt+Uj8f+ZVFpuolCcVArWU:Q+O6zi4hL0oRAzgEFpl

Score

10^/10

dcrat discovery infostealer rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

adf5cb2ba4e13eba254adea54ee6855d_JaffaCakes118.exe

Resource

win7-20241010-en

dcrat discovery infostealer rat

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

adf5cb2ba4e13eba254adea54ee6855d_JaffaCakes118.exe

Resource

win10v2004-20241007-en

dcrat infostealer rat

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  adf5cb2ba4e13eba254adea54ee6855d_JaffaCakes118
- Size
  
  768KB
- MD5
  
  adf5cb2ba4e13eba254adea54ee6855d
- SHA1
  
  00759c66c70ead273372cc31964f493105539704
- SHA256
  
  9d1cda19a05364d02903a407a68a85313dff6bf47a4f3b42e62d125a8bfae4b8
- SHA512
  
  c74b19c3be4bda23deb28ce880bf63751a2baa9cc8f15096187dab4c7a2bb2c01960b3e8baba364f076501fc6b9952932ccb4773d22c0ec4cd03fca54fd08ff7
- SSDEEP
  
  12288:QqnO6RZ6I3yp4AcLuLPoRTsJhHZt+Uj8f+ZVFpuolCcVArWU:Q+O6zi4hL0oRAzgEFpl
Score

10^/10

dcrat discovery infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Dcrat family
  dcrat
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dcratdiscoveryinfostealerrat

behavioral2

dcratinfostealerrat

© 2018-2024

Terms | Privacy