dcrat | b3b5e03f84d34eb050580e5aa00f4324af3134b1a4d2aa4053a81824cef162c8 | Triage

Submit
Reports

Overview

overview

Static

static

b3b5e03f84...c8.exe

windows7-x64

b3b5e03f84...c8.exe

windows10-2004-x64

Sharing

General

Target

b3b5e03f84d34eb050580e5aa00f4324af3134b1a4d2aa4053a81824cef162c8.exe
Size

1.1MB
Sample

250108-dgsa8a1mgv
MD5

5512b3a1a182131b7829c06e8b3ab318
SHA1

0eecd6925320b80af74c18a162e8313885dec8f4
SHA256

b3b5e03f84d34eb050580e5aa00f4324af3134b1a4d2aa4053a81824cef162c8
SHA512

5322426d7490e21ac960987479c8401ec58fb8b9b8dcddaf8145c2177c7a48531f02485e1583fd2801652814ef7b2145bab79558d6589af8c8dc614149afe987
SSDEEP

24576:U2G/nvxW3Ww0t03QsZQWzGPrR12EVMiLIc:UbA3003HqW0R12EZ

Score

10^/10

dcrat discovery evasion infostealer rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

b3b5e03f84d34eb050580e5aa00f4324af3134b1a4d2aa4053a81824cef162c8.exe

Resource

win7-20241010-en

dcrat discovery evasion infostealer rat

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

b3b5e03f84d34eb050580e5aa00f4324af3134b1a4d2aa4053a81824cef162c8.exe

Resource

win10v2004-20241007-en

dcrat discovery evasion infostealer rat

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  b3b5e03f84d34eb050580e5aa00f4324af3134b1a4d2aa4053a81824cef162c8.exe
- Size
  
  1.1MB
- MD5
  
  5512b3a1a182131b7829c06e8b3ab318
- SHA1
  
  0eecd6925320b80af74c18a162e8313885dec8f4
- SHA256
  
  b3b5e03f84d34eb050580e5aa00f4324af3134b1a4d2aa4053a81824cef162c8
- SHA512
  
  5322426d7490e21ac960987479c8401ec58fb8b9b8dcddaf8145c2177c7a48531f02485e1583fd2801652814ef7b2145bab79558d6589af8c8dc614149afe987
- SSDEEP
  
  24576:U2G/nvxW3Ww0t03QsZQWzGPrR12EVMiLIc:UbA3003HqW0R12EZ
Score

10^/10

dcrat discovery evasion infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Dcrat family
  dcrat
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Disables Task Manager via registry modification
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dcratdiscoveryevasioninfostealerrat

behavioral2

dcratdiscoveryevasioninfostealerrat

© 2018-2025

Terms | Privacy