dcrat | 285725b9100603eea2e9c67d60c367e734123aaa220e6989d41ccdbd09c34856 | Triage

Sharing

General

Target

285725b9100603eea2e9c67d60c367e734123aaa220e6989d41ccdbd09c34856N.exe
Size

427KB
Sample

241204-entcja1lgz
MD5

fd27e07622f1bfcaa1136e947e48c740
SHA1

2506bce8dcf5f1fe7872aefee13803def7bd1659
SHA256

285725b9100603eea2e9c67d60c367e734123aaa220e6989d41ccdbd09c34856
SHA512

17a0c964c83cc4dbc8e930b3eb8afd9209168f882ac82fabf690afcdb7240da646e348033e502a010b563e736f0a2cb410deb1bc54bb3982d15f5eede2129657
SSDEEP

6144:OAFvyPmv34F6CYlaAD3l0HkffT+DOsrTyFyiYy73KywNz:OAk+4HYlti8qDZyyTy73Kym

Score

10^/10

dcrat infostealer rat

Malware Config

Targets

- Target
  
  285725b9100603eea2e9c67d60c367e734123aaa220e6989d41ccdbd09c34856N.exe
- Size
  
  427KB
- MD5
  
  fd27e07622f1bfcaa1136e947e48c740
- SHA1
  
  2506bce8dcf5f1fe7872aefee13803def7bd1659
- SHA256
  
  285725b9100603eea2e9c67d60c367e734123aaa220e6989d41ccdbd09c34856
- SHA512
  
  17a0c964c83cc4dbc8e930b3eb8afd9209168f882ac82fabf690afcdb7240da646e348033e502a010b563e736f0a2cb410deb1bc54bb3982d15f5eede2129657
- SSDEEP
  
  6144:OAFvyPmv34F6CYlaAD3l0HkffT+DOsrTyFyiYy73KywNz:OAk+4HYlti8qDZyyTy73Kym
Score

10^/10

dcrat infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Dcrat family
  dcrat
- DCRat payload
  rat
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

dcratinfostealerrat