dcrat | 0e1ea55667ec6d7ed658718be1528ce3f5e5ac464113e114a96379004137787b | Triage

Submit
Reports

Overview

overview

Static

static

голые...а.exe

windows7-x64

голые...а.exe

windows10-2004-x64

Sharing

General

Target

голые фотографии акима.exe
Size

3.7MB
Sample

241208-p5rv5stqbx
MD5

934f077da68d3fda26839f06286b71e4
SHA1

f805ec2e43d7518d420b94b954fd6b4e640ef64d
SHA256

0e1ea55667ec6d7ed658718be1528ce3f5e5ac464113e114a96379004137787b
SHA512

85e2bff55ce5aa6569d50146a3d95c611f774605fa9a8ee041cede3a928bf7585943e63aaf9eb5b14dc4d25fe6bee3e57d58c9b586653322300aaa67e87dd714
SSDEEP

49152:UbA30FDlon6ZtXRUNAtf3zkDcpigc4Jp8+bF5BxiLFHqzQ6yQH2lJwtYv2:UbZ7tXyNAtf3Rigc4n58xHqzQ6TH2Lel

Score

10^/10

dcrat discovery evasion infostealer rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

голые фотографии акима.exe

Resource

win7-20240708-en

dcrat discovery evasion infostealer rat trojan

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

голые фотографии акима.exe

Resource

win10v2004-20241007-en

dcrat discovery evasion infostealer rat trojan

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  голые фотографии акима.exe
- Size
  
  3.7MB
- MD5
  
  934f077da68d3fda26839f06286b71e4
- SHA1
  
  f805ec2e43d7518d420b94b954fd6b4e640ef64d
- SHA256
  
  0e1ea55667ec6d7ed658718be1528ce3f5e5ac464113e114a96379004137787b
- SHA512
  
  85e2bff55ce5aa6569d50146a3d95c611f774605fa9a8ee041cede3a928bf7585943e63aaf9eb5b14dc4d25fe6bee3e57d58c9b586653322300aaa67e87dd714
- SSDEEP
  
  49152:UbA30FDlon6ZtXRUNAtf3zkDcpigc4Jp8+bF5BxiLFHqzQ6yQH2lJwtYv2:UbZ7tXyNAtf3Rigc4n58xHqzQ6TH2Lel
Score

10^/10

dcrat discovery evasion infostealer rat trojan
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Dcrat family
  dcrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- UAC bypass
  evasion trojan
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Scheduled Task/Job

Scheduled Task

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dcratdiscoveryevasioninfostealerrattrojan

behavioral2

dcratdiscoveryevasioninfostealerrattrojan

© 2018-2024

Terms | Privacy