dcrat | 5c8bb6e672b99729898943e947d266b2f53f3514068cd89225741a80463c2edc | Triage

Submit
Reports

Overview

overview

Static

static

5c8bb6e672...cN.exe

windows7-x64

5c8bb6e672...cN.exe

windows10-2004-x64

Sharing

General

Target

5c8bb6e672b99729898943e947d266b2f53f3514068cd89225741a80463c2edcN.exe
Size

2.3MB
Sample

250116-er876a1mds
MD5

97fa326a760987d1c96801f65c705bb0
SHA1

7024cfcb2f42320212f08fada83916189131717c
SHA256

5c8bb6e672b99729898943e947d266b2f53f3514068cd89225741a80463c2edc
SHA512

ad0a599a90f368c710349bec888a1a491ee59f5e3d5c8d6e2703691cb584f1fc9ca10a1dbc5c4cbd4c7e26c6779c48ad4104051f4fc1cad3d1691de04cc84aef
SSDEEP

49152:P581k6pWQwY9zhWLCGUdeuGMvLq0jvYQxk:P58C6pgTEO0jvYQ

Score

10^/10

dcrat infostealer rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

5c8bb6e672b99729898943e947d266b2f53f3514068cd89225741a80463c2edcN.exe

Resource

win7-20240903-en

dcrat infostealer rat

windows7-x64

14 signatures

120 seconds

Behavioral task

behavioral2

Sample

5c8bb6e672b99729898943e947d266b2f53f3514068cd89225741a80463c2edcN.exe

Resource

win10v2004-20241007-en

dcrat infostealer rat

windows10-2004-x64

16 signatures

120 seconds

Malware Config

Targets

- Target
  
  5c8bb6e672b99729898943e947d266b2f53f3514068cd89225741a80463c2edcN.exe
- Size
  
  2.3MB
- MD5
  
  97fa326a760987d1c96801f65c705bb0
- SHA1
  
  7024cfcb2f42320212f08fada83916189131717c
- SHA256
  
  5c8bb6e672b99729898943e947d266b2f53f3514068cd89225741a80463c2edc
- SHA512
  
  ad0a599a90f368c710349bec888a1a491ee59f5e3d5c8d6e2703691cb584f1fc9ca10a1dbc5c4cbd4c7e26c6779c48ad4104051f4fc1cad3d1691de04cc84aef
- SSDEEP
  
  49152:P581k6pWQwY9zhWLCGUdeuGMvLq0jvYQxk:P58C6pgTEO0jvYQ
Score

10^/10

dcrat infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Dcrat family
  dcrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

dcratinfostealerrat

behavioral2

dcratinfostealerrat

© 2018-2025

Terms | Privacy