General

  • Target

    DCRatBuild.exe

  • Size

    1.4MB

  • Sample

    250119-n7y7kaxkbn

  • MD5

    ba321935690190c4d51a25597cb3e9a2

  • SHA1

    73061ab45530c9742d56b41adf2e3943dbad480b

  • SHA256

    5663b076f297b34fc77ffb592bec603354eee2c45f41b050042a0e8f0abde785

  • SHA512

    64e5e880f65fde7c6a09a41d06997b143f09ef77a298c1555e8c5393d934c3c3221885e593873cd42e2ea4aee689d8a2e2265f08f57d519282a3079ba02bc682

  • SSDEEP

    24576:U2G/nvxW3Ww0traJFZQMVsk01XCw4PmFRgOTZT1iKv8V:UbA30r+7q4PWJFC

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Dcrat family

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL
