dcrat | 67a88132279e0e1d1febaa02fca35e77766d0adf1fefacda3c922174428a2f70 | Triage

Sharing

General

Target

iagj6m.exe
Size

2.1MB
Sample

241204-ydkr7axpcy
MD5

468eaabf32f5b160b19b6ccbd88fadae
SHA1

d8a2f93188429d790bd43f6dee836c96c287a57e
SHA256

67a88132279e0e1d1febaa02fca35e77766d0adf1fefacda3c922174428a2f70
SHA512

a7db93826a7193e7f4c890c180cb7a1cf71d12884b992cf29aa90faf3351c97f54797f5ecb52a91639219d707f8619c1d0ab04e663499ee6c4b281b2dd3780b6
SSDEEP

49152:IBJoehuClT3DpSX+KfJunl9CJ0ouJfK2CKaKWdIuqKs:yyehTLFFKonPJapIF

Score

10^/10

dcrat discovery execution infostealer rat spyware stealer

Malware Config

Targets

- Target
  
  iagj6m.exe
- Size
  
  2.1MB
- MD5
  
  468eaabf32f5b160b19b6ccbd88fadae
- SHA1
  
  d8a2f93188429d790bd43f6dee836c96c287a57e
- SHA256
  
  67a88132279e0e1d1febaa02fca35e77766d0adf1fefacda3c922174428a2f70
- SHA512
  
  a7db93826a7193e7f4c890c180cb7a1cf71d12884b992cf29aa90faf3351c97f54797f5ecb52a91639219d707f8619c1d0ab04e663499ee6c4b281b2dd3780b6
- SSDEEP
  
  49152:IBJoehuClT3DpSX+KfJunl9CJ0ouJfK2CKaKWdIuqKs:yyehTLFFKonPJapIF
Score

10^/10

dcrat discovery execution infostealer rat spyware stealer
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Dcrat family
  dcrat
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dcratdiscoveryexecutioninfostealerratspywarestealer

behavioral2

dcratdiscoveryexecutioninfostealerratspywarestealer