dcrat | 1b2534124e710965155b5603b8856226b17188ec14cfb3094f9e35f2d2f25e46

Analysis

max time kernel
14s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
17-12-2024 23:20

Target

1b2534124e710965155b5603b8856226b17188ec14cfb3094f9e35f2d2f25e46N.exe
Size

2.0MB
MD5

8382a7c86ff06e45eb4d2215885a2760
SHA1

014de9bbf29fef18dc660f85dca1aca07d1630f3
SHA256

1b2534124e710965155b5603b8856226b17188ec14cfb3094f9e35f2d2f25e46
SHA512

4631d3b43fc524e25dc32751290c5e897fdb074ebb70615a82434522b35ae19144c38bb58f1de84995bd88dd5c5c413e47533dac237601cddecad1421cdc16d5
SSDEEP

49152:ZQOavWHvEToeWC7ZdEWrsELqT/wcSNWbK1ah:ZLTHvEToeWELTWwb

Score

10^/10

DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
rat infostealer dcrat
Dcrat family
dcrat

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
behavioral1/memory/1048-1-0x0000000001040000-0x0000000001248000-memory.dmp	dcrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1048	1b2534124e710965155b5603b8856226b17188ec14cfb3094f9e35f2d2f25e46N.exe

C:\Users\Admin\AppData\Local\Temp\1b2534124e710965155b5603b8856226b17188ec14cfb3094f9e35f2d2f25e46N.exe
"C:\Users\Admin\AppData\Local\Temp\1b2534124e710965155b5603b8856226b17188ec14cfb3094f9e35f2d2f25e46N.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1048

memory/1048-0-0x000007FEF64B3000-0x000007FEF64B4000-memory.dmp

Filesize
4KB

Download
memory/1048-1-0x0000000001040000-0x0000000001248000-memory.dmp

Filesize
2.0MB

Download
memory/1048-2-0x000007FEF64B0000-0x000007FEF6E9C000-memory.dmp

Filesize
9.9MB

Download
memory/1048-3-0x00000000002B0000-0x00000000002BE000-memory.dmp

Filesize
56KB

Download
memory/1048-4-0x00000000002C0000-0x00000000002CE000-memory.dmp

Filesize
56KB

Download
memory/1048-5-0x000007FEF64B0000-0x000007FEF6E9C000-memory.dmp

Filesize
9.9MB

Download