dcrat | 8870af0fd4d3c26a84b1eb1cd6b34e1e1fccb0ba4058189b544efad768e4ec39 | Triage

Submit
Reports

Overview

overview

Static

static

3

PlagueCrack.exe

windows10-2004-x64

Resubmissions

08-12-2024 01:23

241208-br3tlavkct 10

08-12-2024 01:17

241208-bnw7mstrgy 10

Sharing

General

Target

PlagueCrack.exe
Size

726KB
Sample

241208-bnw7mstrgy
MD5

2163c9e0594f85f2088c2d20d17ffe4d
SHA1

f86e2843a28743422b01873f074b6cfa1421656c
SHA256

8870af0fd4d3c26a84b1eb1cd6b34e1e1fccb0ba4058189b544efad768e4ec39
SHA512

53ac098dc91e088fc92ad16735932a0a091a9ea8ff400bd4abe41ebff9a375c5cf2e3396b3f18d41138185f0c31277d5bf4d0c4330abd9e99ebda05400d6f111
SSDEEP

12288:KpoIY///1UFZrXC6EBOqD4f29U4nlEyf9cRUHIoqD:9IY/Q7SBkMaqcRUo

Score

10^/10

dcrat discovery execution infostealer rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

PlagueCrack.exe

Resource

win10v2004-20241007-en

dcrat discovery execution infostealer rat

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  PlagueCrack.exe
- Size
  
  726KB
- MD5
  
  2163c9e0594f85f2088c2d20d17ffe4d
- SHA1
  
  f86e2843a28743422b01873f074b6cfa1421656c
- SHA256
  
  8870af0fd4d3c26a84b1eb1cd6b34e1e1fccb0ba4058189b544efad768e4ec39
- SHA512
  
  53ac098dc91e088fc92ad16735932a0a091a9ea8ff400bd4abe41ebff9a375c5cf2e3396b3f18d41138185f0c31277d5bf4d0c4330abd9e99ebda05400d6f111
- SSDEEP
  
  12288:KpoIY///1UFZrXC6EBOqD4f29U4nlEyf9cRUHIoqD:9IY/Q7SBkMaqcRUo
Score

10^/10

dcrat discovery execution infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Dcrat family
  dcrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dcratdiscoveryexecutioninfostealerrat

© 2018-2025

Terms | Privacy