dcrat | d333bb196b4055cd752e86834b3b178603edb81c18f8bf46a3332916908481c5 | Triage

Sharing

General

Target

517d21cbe45c2a88930aa345c2a5c36b.bin
Size

1.7MB
Sample

241222-bp7prsxnhm
MD5

fe5123e880491515874e640bfecef582
SHA1

bcb17ceb4a8670cd94e9ff3240e2664143c1b750
SHA256

d333bb196b4055cd752e86834b3b178603edb81c18f8bf46a3332916908481c5
SHA512

71953f166182e55d1627ba092e3198904101e8d489d1f6fba247f2af5be99bbd795745f85deab747a22061855cd7afb40fef3f1611bcab697829200261e6b272
SSDEEP

49152:q61cA1bP8NrfWxjCMqfPmwLs+v6sgze2Oyxio15:q61cAtiWxOMSm3sgzJwo/

Score

10^/10

dcrat discovery infostealer rat spyware stealer

Malware Config

Targets

- Target
  
  4b9cb0b6b953edda63999ddd41656c7c509cfb02298eaac8929010c29971cec9.exe
- Size
  
  2.3MB
- MD5
  
  517d21cbe45c2a88930aa345c2a5c36b
- SHA1
  
  f8c2b259ed15eb455fc345f54a9ef9b0aace552c
- SHA256
  
  4b9cb0b6b953edda63999ddd41656c7c509cfb02298eaac8929010c29971cec9
- SHA512
  
  b912bf7ea3fc0e929890ce6048e89ab797b0ebf4b54e87989bdf4f2eb06cb68e1accd52200105c1079336ba57525aa200cd48c769e24ce1827906948d6f28d3f
- SSDEEP
  
  49152:IBJQcFZTdUJWxOOZPHst87uOLOkMRxJgSrSmMsce:yOczpGWdZPHu9WuRx9rrJT
Score

10^/10

dcrat discovery infostealer rat spyware stealer
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Dcrat family
  dcrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dcratdiscoveryinfostealerratspywarestealer

behavioral2

dcratdiscoveryinfostealerrat