dcrat | 0b5266ad1c75b3a3d186a050f140ee2d11b076440320989bda85197d3716a3a1 | Triage

Sharing

General

Target

0b5266ad1c75b3a3d186a050f140ee2d11b076440320989bda85197d3716a3a1.exe
Size

1.9MB
Sample

250108-cg4hta1mgk
MD5

f022320106ebe6ef239cb75c93f6b3ad
SHA1

b183fb4f66d5327889a0440eca1a61a69ae9cc00
SHA256

0b5266ad1c75b3a3d186a050f140ee2d11b076440320989bda85197d3716a3a1
SHA512

e77d922f9bcc6e9f383d955623c532942f5d6fbc8f41f29d284a165abdb4d6a77ac76cbc1826dabf8bd14fbaa4257258e866c4330d30cf05f17e9b4313dd5f23
SSDEEP

24576:0bTfyVA9AatfC65K16JPuO+Q3Qvi4m4B2g83KWlumjyICs7reNJCN5a4VznpQiCx:avpAwPDpa9mw2nKWljVeNJCyyVqVa

Score

10^/10

dcrat discovery infostealer rat spyware stealer

Malware Config

Targets

- Target
  
  0b5266ad1c75b3a3d186a050f140ee2d11b076440320989bda85197d3716a3a1.exe
- Size
  
  1.9MB
- MD5
  
  f022320106ebe6ef239cb75c93f6b3ad
- SHA1
  
  b183fb4f66d5327889a0440eca1a61a69ae9cc00
- SHA256
  
  0b5266ad1c75b3a3d186a050f140ee2d11b076440320989bda85197d3716a3a1
- SHA512
  
  e77d922f9bcc6e9f383d955623c532942f5d6fbc8f41f29d284a165abdb4d6a77ac76cbc1826dabf8bd14fbaa4257258e866c4330d30cf05f17e9b4313dd5f23
- SSDEEP
  
  24576:0bTfyVA9AatfC65K16JPuO+Q3Qvi4m4B2g83KWlumjyICs7reNJCN5a4VznpQiCx:avpAwPDpa9mw2nKWljVeNJCyyVqVa
Score

10^/10

dcrat discovery infostealer rat spyware stealer
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Dcrat family
  dcrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dcratdiscoveryinfostealerratspywarestealer

behavioral2

dcratdiscoveryinfostealerratspywarestealer