dcrat | e97b00664e3ace00f7526576e3afdb4b3688b294903fe503700a6770e58b6693 | Triage

Sharing

General

Target

e97b00664e3ace00f7526576e3afdb4b3688b294903fe503700a6770e58b6693.exe
Size

427KB
Sample

241204-en9drawpdm
MD5

4ca46cadce6ab6dc7aa268e158e78012
SHA1

ee012afd93326366806ba7badfc2d078fe168879
SHA256

e97b00664e3ace00f7526576e3afdb4b3688b294903fe503700a6770e58b6693
SHA512

495af2f8ffad51ce2f4ede111cc9260f05ea0a02638adf13c92e9679306f50b637dc8c83516443b5ea610495dadce11d8ac8cdc966e1b7d5e1cd6ba7e4630e43
SSDEEP

6144:OAFvyPmv34F6CYlaAD3l0HkffT+DOsrTyFyiYy73KywNzZ:OAk+4HYlti8qDZyyTy73KymZ

Score

10^/10

dcrat infostealer rat

Malware Config

Targets

- Target
  
  e97b00664e3ace00f7526576e3afdb4b3688b294903fe503700a6770e58b6693.exe
- Size
  
  427KB
- MD5
  
  4ca46cadce6ab6dc7aa268e158e78012
- SHA1
  
  ee012afd93326366806ba7badfc2d078fe168879
- SHA256
  
  e97b00664e3ace00f7526576e3afdb4b3688b294903fe503700a6770e58b6693
- SHA512
  
  495af2f8ffad51ce2f4ede111cc9260f05ea0a02638adf13c92e9679306f50b637dc8c83516443b5ea610495dadce11d8ac8cdc966e1b7d5e1cd6ba7e4630e43
- SSDEEP
  
  6144:OAFvyPmv34F6CYlaAD3l0HkffT+DOsrTyFyiYy73KywNzZ:OAk+4HYlti8qDZyyTy73KymZ
Score

10^/10

dcrat infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Dcrat family
  dcrat
- DCRat payload
  rat
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

dcratinfostealerrat