dcrat | dce5f8b5b180084796a8f8d7cfb22d112ae3694fb649649543ad8b3ba2e8e37c | Triage

Submit
Reports

Overview

overview

Static

static

5

Dcrat (123).zip

windows10-2004-x64

Sharing

General

Target

Dcrat (123).zip
Size

19.3MB
Sample

250114-2mybesskb1
MD5

ada95e6c53495d51f34c6d72fc307d2b
SHA1

757911647698aa230384eb959d3a8f21b2e294f1
SHA256

dce5f8b5b180084796a8f8d7cfb22d112ae3694fb649649543ad8b3ba2e8e37c
SHA512

4b7dea50882c870b4581f3a57b043b9c567b52592ff430dc26fa58eb1ba1c43f18d1b59bc2dd6e353c950be8f570a1a88e46b8ec4fa6988e7831a22a403013aa
SSDEEP

393216:C6gw5Z8d2wavvVtMPKwkMbpQjC/yTQAToEY6fmpEW+fz4wbMy:xo4vASwkMbpQjXTZYAmpj+rDbMy

Score

10^/10

dcrat discovery execution infostealer rat upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Dcrat (123).zip

Resource

win10v2004-20241007-en

dcrat discovery execution infostealer rat

windows10-2004-x64

24 signatures

150 seconds

Malware Config

Targets

- Target
  
  Dcrat (123).zip
- Size
  
  19.3MB
- MD5
  
  ada95e6c53495d51f34c6d72fc307d2b
- SHA1
  
  757911647698aa230384eb959d3a8f21b2e294f1
- SHA256
  
  dce5f8b5b180084796a8f8d7cfb22d112ae3694fb649649543ad8b3ba2e8e37c
- SHA512
  
  4b7dea50882c870b4581f3a57b043b9c567b52592ff430dc26fa58eb1ba1c43f18d1b59bc2dd6e353c950be8f570a1a88e46b8ec4fa6988e7831a22a403013aa
- SSDEEP
  
  393216:C6gw5Z8d2wavvVtMPKwkMbpQjC/yTQAToEY6fmpEW+fz4wbMy:xo4vASwkMbpQjXTZYAmpj+rDbMy
Score

10^/10

dcrat discovery execution infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Dcrat family
  dcrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dcratdiscoveryexecutioninfostealerrat

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.