dcrat | 369fee29d5d28b92e18c413371a74421a66ae2df72ffd1931826a2f5965b5880 | Triage

Sharing

General

Target

StablePolaria.zip
Size

15.1MB
Sample

250118-x91b3ssrcp
MD5

e3dd9f57df59adbad3fa267be5d2805a
SHA1

afe07732c1d31ab25dc5df21a3bad194a141826f
SHA256

369fee29d5d28b92e18c413371a74421a66ae2df72ffd1931826a2f5965b5880
SHA512

afd9bfa3069492dfc9017163dcb9c30bbb7537b4235a1bbc82ba61321682e2b342f0c60583ae613ec98423677484fec3e374abfd5a6c1763ad7debecb97ee85c
SSDEEP

24576:i2G/nvxW3WY3h0KomE5c7JtTE/TWsO8MxL1ccccccccccccccccccccccccccccV:ibA3x3GKCuP3AMN

Score

10^/10

dcrat discovery infostealer rat

Malware Config

Targets

- Target
  
  StablePolaria.zip
- Size
  
  15.1MB
- MD5
  
  e3dd9f57df59adbad3fa267be5d2805a
- SHA1
  
  afe07732c1d31ab25dc5df21a3bad194a141826f
- SHA256
  
  369fee29d5d28b92e18c413371a74421a66ae2df72ffd1931826a2f5965b5880
- SHA512
  
  afd9bfa3069492dfc9017163dcb9c30bbb7537b4235a1bbc82ba61321682e2b342f0c60583ae613ec98423677484fec3e374abfd5a6c1763ad7debecb97ee85c
- SSDEEP
  
  24576:i2G/nvxW3WY3h0KomE5c7JtTE/TWsO8MxL1ccccccccccccccccccccccccccccV:ibA3x3GKCuP3AMN
Score

1^/10
behavioral1
- Target
  
  StablePolaria/Bin.tx
- Size
  
  28KB
- MD5
  
  b96b79d79134ffc54be0aad7a414767f
- SHA1
  
  8f5f854351dab152ebd6b6743017d18bce168121
- SHA256
  
  462a2d9ec096041e3f4136c98eb2bc2c8a4981ce2ce8075a7e92220d22bf47c1
- SHA512
  
  5373be30b05602af01ee04b0cc6d7135a42759f7d1603747852dca4b750a26efb7a0be9c98a191f3c0545136919db085baff3cd6d2bef2d6a0dcb8c381be30f7
- SSDEEP
  
  96:zgT1CTo5WNlO646/+9dgY3/B7/H+94shlFnV6gm8yGqqF/Yv9M3YZBlgR50NyTZP:g5UNXwtFhshzV6P4JqOmo5L9w4
Score

3^/10
behavioral2
- Target
  
  StablePolaria/PolariaClientStable.exe
- Size
  
  1.2MB
- MD5
  
  93beba30961d66c4bf317a91e2ceab60
- SHA1
  
  5c394cf0254b1eebb9a978556ce6d94f8fced169
- SHA256
  
  da55b07483858fc038855e7aa1290036419f9dadb362c510951d20385106584d
- SHA512
  
  9a7ed86f099c7ab52357cc846e3d872bf4e9f33e3792e16395200e1c4cc9e0b491a94eb45430c202da50a4f2bdb23f0d7d2bcaa4aefe735996462f9789a0ae7d
- SSDEEP
  
  24576:O2G/nvxW3WY3h0KomE5c7JtTE/TWsO8Mxj:ObA3x3GKCuP3AMp
Score

10^/10

dcrat discovery infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Dcrat family
  dcrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Executes dropped EXE
behavioral3
- Target
  
  StablePolaria/binrc/StableModeFix.txt
- Size
  
  372KB
- MD5
  
  f526b9585042f5bfab8c8682c38383de
- SHA1
  
  ee6513fd07c26bdc083edd1988fc816742627b35
- SHA256
  
  cc55804385b8d4640f8eb4b129f02814a5cf4d7e6584bef3c1fe7caf26899857
- SHA512
  
  ab3cdb049ea6049eda4a035987538ba73bc12f5cce73b50147d097bab8f7dbc6dccea70916c865a7d91ca767ff208dc624a6bab5218004bd293f0b9c14039be3
- SSDEEP
  
  6144:uy4b4b4b4b4b4b4b4b4b4b4b4b4b4b4b4b4b4b4b4b4b4b4b4b4b4b4b4b4b4b4Q:uy4b4b4b4b4b4b4b4b4b4b4b4b4b4b4g
Score

3^/10
behavioral4
- Target
  
  StablePolaria/binrc/jrkk.bin
- Size
  
  2.2MB
- MD5
  
  3e944b806928785a0462fcd3caf0fbd9
- SHA1
  
  48a771a064144cdf5590c8abcc17fbb061d9a1a1
- SHA256
  
  c1e42633f63f1eca77606163cee7d08caf6b89e12d5fcb665290b16386a01e4b
- SHA512
  
  fff06dffca8556b47fc76d38fffd5d8071fc8a950599f94104a865b127226a5de91ff3de79a80499b1c67cdf6a88e7bbcd09d57e6a8ceddae7098a49b840b808
- SSDEEP
  
  3:HLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLX:n
Score

3^/10
behavioral5
- Target
  
  StablePolaria/dllss/BetaMode.dll
- Size
  
  4.1MB
- MD5
  
  da6954324aa117b54b02e4b2bff42221
- SHA1
  
  3709f064aa6752ccd072dd55b0c3814d56224234
- SHA256
  
  75865fc995da1c28c4e302b447a9690083153098096fd678fb1123a9cd0b2c43
- SHA512
  
  2c2fd12a531f116086a518d9556949c6f79739d78f7c77f403c13cfdc91597993996eadcc3559cf45156bcad67c9c4b9b95372c5d8ffc5affff9412bdcae31bf
- SSDEEP
  
  24576:8cccccccccccccccccccccccccccccccccccccccccccccccccccccAccccccccV:i
Score

1^/10
behavioral6
- Target
  
  StablePolaria/dllss/Data.dll
- Size
  
  4.1MB
- MD5
  
  51dea40f3daef4fff5a07358db9efb51
- SHA1
  
  35b66c8e47e5ab937477b9816129ec5f96a13c93
- SHA256
  
  805df5c4ac52f3db463f0f7c44cf921fbfc85ccdab4382f89b7e06ffeeee18bd
- SHA512
  
  b27fed18279088fc2ec85a778a0934ded7a433c1cd372fdf997b429faa510362c02332ce63294f78b27f5d6c6d0e73ed21a3cdf6a5b24216f3caf247c1870f0d
- SSDEEP
  
  24576:JBKGBKABKGBKnBKGBKnBKGBKnBKGBKnBKGBK4:X
Score

1^/10
behavioral7
- Target
  
  StablePolaria/dllss/PolariaWindows.dll
- Size
  
  3.1MB
- MD5
  
  4656cd6f442e8c6ec55fecb527fbe71e
- SHA1
  
  3521a9a6939743b07d80fcdbad28b2b1c3ce0fbe
- SHA256
  
  25a187ccbc65711feaadbb5ac4c6103e2f6ea5d5debb1130c8300d864fbd743f
- SHA512
  
  33570aa49683950477f1a1b5da6ca0fed9fc5ef87d2b451fdc038318c4f371e12f240cf6fd411a56a6582531dc6815048e21682cecdd85b7b4a6b56d984613d4
- SSDEEP
  
  1536:o1TTTTTTTTTTTTTTTTTTTTTr1TTTTTTTTTTTTTTTTTTTTTTG1TTTTTTTTTTTTTTg:2
Score

1^/10
behavioral8
- Target
  
  StablePolaria/out/Log.txt
- Size
  
  1B
- MD5
  
  f95b70fdc3088560732a5ac135644506
- SHA1
  
  60ba4b2daa4ed4d070fec06687e249e0e6f9ee45
- SHA256
  
  021fb596db81e6d02bf3d2586ee3981fe519f275c0ac9ca76bbcf2ebb4097d96
- SHA512
  
  c2d03c6efb16c3f8064b0d059e45f951f1748421a622571a52009ddcc2a670851e1ad0269fbd81d45856fa20ffacd081dd20fece7611420befb49eb984bc23ca
Score

3^/10
behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

dcratdiscoveryinfostealerrat

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9