dcrat

General

Target

e113d1eb93a1bb51fcd6f67df606da197e897c7eb7ff65d2038a836122451081
Size

1.5MB
Sample

241208-zp6pgatqd1
MD5

e21e16be3e5d762e1e33bec36aa482be
SHA1

641e7bcd3881bae636d8100e7c0db08bfb73b912
SHA256

e113d1eb93a1bb51fcd6f67df606da197e897c7eb7ff65d2038a836122451081
SHA512

3cdde9af8e73709a1727941780967599e153cf6e1a13a16baa6a9720bb40a16c7c776a402f347c60290e81f2d9bedd7480a4841b5cc1b8c46b7de09cca96624a
SSDEEP

24576:VJ/w6JHKyfE6Ve1uZv0YNeNijhBCjNUsdUmC5X75Ve3Sws1Ek1XCo2:7HVEKe1uZsUeghojNUsdDC5X7ncSzEk0

Score

10^/10

Malware Config

Targets

- Target
  
  e113d1eb93a1bb51fcd6f67df606da197e897c7eb7ff65d2038a836122451081
- Size
  
  1.5MB
- MD5
  
  e21e16be3e5d762e1e33bec36aa482be
- SHA1
  
  641e7bcd3881bae636d8100e7c0db08bfb73b912
- SHA256
  
  e113d1eb93a1bb51fcd6f67df606da197e897c7eb7ff65d2038a836122451081
- SHA512
  
  3cdde9af8e73709a1727941780967599e153cf6e1a13a16baa6a9720bb40a16c7c776a402f347c60290e81f2d9bedd7480a4841b5cc1b8c46b7de09cca96624a
- SSDEEP
  
  24576:VJ/w6JHKyfE6Ve1uZv0YNeNijhBCjNUsdUmC5X75Ve3Sws1Ek1XCo2:7HVEKe1uZsUeghojNUsdDC5X7ncSzEk0
Score

10^/10

dcrat discovery execution infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Dcrat family
  dcrat
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2