dcrat | bb0f507a87420a0597cdc40917ea1ba9c9576d3e750db3f9b66802b19550c9e7 | Triage

Submit
Reports

Overview

overview

Static

static

bb0f507a87...e7.exe

windows7-x64

bb0f507a87...e7.exe

windows10-2004-x64

Sharing

General

Target

bb0f507a87420a0597cdc40917ea1ba9c9576d3e750db3f9b66802b19550c9e7.exe
Size

2.4MB
Sample

241206-dqcxwsxnav
MD5

48b90c11912e9c7147d86c55d1e2cc94
SHA1

ffc71fb727607913aa176c85f75972f1ac6fda7c
SHA256

bb0f507a87420a0597cdc40917ea1ba9c9576d3e750db3f9b66802b19550c9e7
SHA512

175b7358de82827ca29ecef204fa2451ba44e3e3fc373f65bc40d2d888d43a5d0bc778a78f714e47369b8d9a5b37faa4106e912bb53b13791714d1c7773431f8
SSDEEP

24576:WCihq6FXaYuCw7sULqPyZwSxIshnWIjm7vZAjX+ez87TkQPI1QOmYNnNQ671:VihHsYIlwSx9WkiLekTk1FN

Score

10^/10

dcrat discovery infostealer rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

bb0f507a87420a0597cdc40917ea1ba9c9576d3e750db3f9b66802b19550c9e7.exe

Resource

win7-20240903-en

dcrat discovery infostealer rat

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

bb0f507a87420a0597cdc40917ea1ba9c9576d3e750db3f9b66802b19550c9e7.exe

Resource

win10v2004-20241007-en

dcrat discovery infostealer rat

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  bb0f507a87420a0597cdc40917ea1ba9c9576d3e750db3f9b66802b19550c9e7.exe
- Size
  
  2.4MB
- MD5
  
  48b90c11912e9c7147d86c55d1e2cc94
- SHA1
  
  ffc71fb727607913aa176c85f75972f1ac6fda7c
- SHA256
  
  bb0f507a87420a0597cdc40917ea1ba9c9576d3e750db3f9b66802b19550c9e7
- SHA512
  
  175b7358de82827ca29ecef204fa2451ba44e3e3fc373f65bc40d2d888d43a5d0bc778a78f714e47369b8d9a5b37faa4106e912bb53b13791714d1c7773431f8
- SSDEEP
  
  24576:WCihq6FXaYuCw7sULqPyZwSxIshnWIjm7vZAjX+ez87TkQPI1QOmYNnNQ671:VihHsYIlwSx9WkiLekTk1FN
Score

10^/10

dcrat discovery infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Dcrat family
  dcrat
- DCRat payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dcratdiscoveryinfostealerrat

behavioral2

dcratdiscoveryinfostealerrat

© 2018-2025

Terms | Privacy