General

  • Target

    DCRatBuild.exe

  • Size

    1.1MB

  • Sample

    250119-paxsxaxlcn

  • MD5

    e57a019d1bc08061c8d91d8f27c22325

  • SHA1

    b1a3eadefec298a7f5dafe2d59ced44ff7d6abb3

  • SHA256

    09d131517a12fb5f3b9079f920b9ff6328de6955812f592ba6ae31f4287d3617

  • SHA512

    83a387cc2b0f33d4b5f6e8e94835f5658b85201e5c8015d83d70e6de3d8bad101643475ffe6e20883fd5a3b9b8249dde5ec0fdb4db082aeba7c0a9b9dc1c5b70

  • SSDEEP

    24576:U2G/nvxW3Ww0tGN/1dmETXhEK5LH8wBeHr8N:UbA30GN/1FXhVLcw+rc

Targets

    • Target

      DCRatBuild.exe

    • DcRat

      DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Dcrat family

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
