dcrat | 0b3af32b322e30f7f68017c13e59e71b6b1f26756477e122b40a20434bd01d01 | Triage

Submit
Reports

Overview

overview

Static

static

0b3af32b32...01.exe

windows7-x64

0b3af32b32...01.exe

windows10-2004-x64

Sharing

General

Target

0b3af32b322e30f7f68017c13e59e71b6b1f26756477e122b40a20434bd01d01.exe
Size

560KB
Sample

241205-ch85pasqby
MD5

37cb065f052d8cf6a46d41d6225b9a9f
SHA1

ffcd01452c4b695f1371787a5c728c692283fca2
SHA256

0b3af32b322e30f7f68017c13e59e71b6b1f26756477e122b40a20434bd01d01
SHA512

8a2850f61af22a40ebb1e11c1d294cd74c94cf3b365619a4588bfbc54362575467cff4a5d75f685354b073453ad9892125739e78468a8dc550e52ccab88df47e
SSDEEP

6144:s/9Sb1sKhV/+NZCwUW/mulaEqLhEWRzSyAZW9z9mXbj7Gvvai33Ew8X6Asz6UrZ:sFK1DH/p8l/zWRdP5mfA33EjKf6UrZ

Score

10^/10

dcrat infostealer rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

0b3af32b322e30f7f68017c13e59e71b6b1f26756477e122b40a20434bd01d01.exe

Resource

win7-20240903-en

dcrat infostealer rat

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

0b3af32b322e30f7f68017c13e59e71b6b1f26756477e122b40a20434bd01d01.exe

Resource

win10v2004-20241007-en

dcrat infostealer rat

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  0b3af32b322e30f7f68017c13e59e71b6b1f26756477e122b40a20434bd01d01.exe
- Size
  
  560KB
- MD5
  
  37cb065f052d8cf6a46d41d6225b9a9f
- SHA1
  
  ffcd01452c4b695f1371787a5c728c692283fca2
- SHA256
  
  0b3af32b322e30f7f68017c13e59e71b6b1f26756477e122b40a20434bd01d01
- SHA512
  
  8a2850f61af22a40ebb1e11c1d294cd74c94cf3b365619a4588bfbc54362575467cff4a5d75f685354b073453ad9892125739e78468a8dc550e52ccab88df47e
- SSDEEP
  
  6144:s/9Sb1sKhV/+NZCwUW/mulaEqLhEWRzSyAZW9z9mXbj7Gvvai33Ew8X6Asz6UrZ:sFK1DH/p8l/zWRdP5mfA33EjKf6UrZ
Score

10^/10

dcrat infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Dcrat family
  dcrat
- DCRat payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dcratinfostealerrat

behavioral2

dcratinfostealerrat

© 2018-2025

Terms | Privacy