dcrat | 1fa9bed9d75dc028cbd7981fa4152a58a5762deb1a9b67a1d7ea9b8f3fbaf2a3 | Triage

Submit
Reports

Overview

overview

Static

static

3

bb118ab611...18.exe

windows7-x64

bb118ab611...18.exe

windows10-2004-x64

Sharing

General

Target

bb118ab611fb84b954cca29f66fc1c0e_JaffaCakes118
Size

1.1MB
Sample

241203-bpb8vsyldl
MD5

bb118ab611fb84b954cca29f66fc1c0e
SHA1

1ea056e2024147528dbf46096a0de9faf07f66cb
SHA256

1fa9bed9d75dc028cbd7981fa4152a58a5762deb1a9b67a1d7ea9b8f3fbaf2a3
SHA512

b1262aa2bb9439ad697966bf4408e34d7ab98280313a68627a7df9c202f839b17f4e3868ff7a03e8ea76592d5757f6b1a57344852f5f6cb5d8ea5963a4fff514
SSDEEP

12288:vl8teodM4fNDVbUs2yxeNdnSM7JrPjwIbSHPLo+DwgYJqwhSw42FhIbIGKxnqGi6:9SMpj92vU1gYJq4seqG9vjiTrsb

Score

10^/10

dcrat discovery infostealer rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

bb118ab611fb84b954cca29f66fc1c0e_JaffaCakes118.exe

Resource

win7-20241023-en

dcrat discovery infostealer rat

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

bb118ab611fb84b954cca29f66fc1c0e_JaffaCakes118.exe

Resource

win10v2004-20241007-en

dcrat discovery infostealer rat

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  bb118ab611fb84b954cca29f66fc1c0e_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  bb118ab611fb84b954cca29f66fc1c0e
- SHA1
  
  1ea056e2024147528dbf46096a0de9faf07f66cb
- SHA256
  
  1fa9bed9d75dc028cbd7981fa4152a58a5762deb1a9b67a1d7ea9b8f3fbaf2a3
- SHA512
  
  b1262aa2bb9439ad697966bf4408e34d7ab98280313a68627a7df9c202f839b17f4e3868ff7a03e8ea76592d5757f6b1a57344852f5f6cb5d8ea5963a4fff514
- SSDEEP
  
  12288:vl8teodM4fNDVbUs2yxeNdnSM7JrPjwIbSHPLo+DwgYJqwhSw42FhIbIGKxnqGi6:9SMpj92vU1gYJq4seqG9vjiTrsb
Score

10^/10

dcrat discovery infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Dcrat family
  dcrat
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dcratdiscoveryinfostealerrat

behavioral2

dcratdiscoveryinfostealerrat

© 2018-2024

Terms | Privacy