dcrat | 6bc67978f583db1ef99eb832b456c978b8c42a5233f9ed5810fed58455e6cd6f | Triage

Submit
Reports

Overview

overview

Static

static

3

6bc67978f5...6f.exe

windows7-x64

6bc67978f5...6f.exe

windows10-2004-x64

Sharing

General

Target

6bc67978f583db1ef99eb832b456c978b8c42a5233f9ed5810fed58455e6cd6f.exe
Size

1.8MB
Sample

250112-c4nqwasldy
MD5

092f45dac00ef24f3836dbfe18dfa931
SHA1

7583f7a96b649ff903b79615ac889fdd9c1fa94d
SHA256

6bc67978f583db1ef99eb832b456c978b8c42a5233f9ed5810fed58455e6cd6f
SHA512

a9ab5073a183f0a8994d805ac368f160775f899a0e1e9fe9a62ee4f6fd81d28ade5af06b5677cc5e13ffd0b5a54edd2c36576d5b44d88c6ffa3fc04bb4e64b78
SSDEEP

49152:IBJ3w9opl/yaOHkGiQzblm+WsfjEjCAX+fgnlaNkGy+Ms:yhUopl/CCQzxm+rf4um+fklaGFs

Score

10^/10

dcrat discovery evasion execution infostealer rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6bc67978f583db1ef99eb832b456c978b8c42a5233f9ed5810fed58455e6cd6f.exe

Resource

win7-20241010-en

dcrat discovery evasion execution infostealer rat

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

6bc67978f583db1ef99eb832b456c978b8c42a5233f9ed5810fed58455e6cd6f.exe

Resource

win10v2004-20241007-en

dcrat discovery evasion execution infostealer rat

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  6bc67978f583db1ef99eb832b456c978b8c42a5233f9ed5810fed58455e6cd6f.exe
- Size
  
  1.8MB
- MD5
  
  092f45dac00ef24f3836dbfe18dfa931
- SHA1
  
  7583f7a96b649ff903b79615ac889fdd9c1fa94d
- SHA256
  
  6bc67978f583db1ef99eb832b456c978b8c42a5233f9ed5810fed58455e6cd6f
- SHA512
  
  a9ab5073a183f0a8994d805ac368f160775f899a0e1e9fe9a62ee4f6fd81d28ade5af06b5677cc5e13ffd0b5a54edd2c36576d5b44d88c6ffa3fc04bb4e64b78
- SSDEEP
  
  49152:IBJ3w9opl/yaOHkGiQzblm+WsfjEjCAX+fgnlaNkGy+Ms:yhUopl/CCQzxm+rf4um+fklaGFs
Score

10^/10

dcrat discovery evasion execution infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Dcrat family
  dcrat
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Disables Task Manager via registry modification
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dcratdiscoveryevasionexecutioninfostealerrat

behavioral2

dcratdiscoveryevasionexecutioninfostealerrat

© 2018-2025

Terms | Privacy