dcrat | 65b40c1d42b7b6248defa42191a2ac60c239f8f72889a6544e7427ab3c7c0587 | Triage

Submit
Reports

Overview

overview

Static

static

Telegram.exe

windows11-21h2-x64

Sharing

General

Target

Telegram.exe
Size

1.5MB
Sample

250119-tp2gvsvph1
MD5

cbc1250f5968b3aad9f7b917ab0cb3fa
SHA1

57b64deea04bc339894d77725703c4d0b239f47e
SHA256

65b40c1d42b7b6248defa42191a2ac60c239f8f72889a6544e7427ab3c7c0587
SHA512

cf5eabff6cdcff3a314d3e884028ad908ab866934af520623e97f7ed9b58834e7c34f3b371288461c627eb7921e8e94a29e0390151134efd46263d3fb3b3cc93
SSDEEP

24576:U2G/nvxW3Ww0twsabRr96PUyifNzW657ZcGUOXTjieEVFpZ9867SgxeU1nS9x8Ay:UbA30+R0U5xgOFsbP7Bxe0S74yw

Score

10^/10

dcrat discovery evasion infostealer rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Telegram.exe

Resource

win11-20241007-en

dcrat discovery evasion infostealer rat

windows11-21h2-x64

17 signatures

300 seconds

Malware Config

Targets

- Target
  
  Telegram.exe
- Size
  
  1.5MB
- MD5
  
  cbc1250f5968b3aad9f7b917ab0cb3fa
- SHA1
  
  57b64deea04bc339894d77725703c4d0b239f47e
- SHA256
  
  65b40c1d42b7b6248defa42191a2ac60c239f8f72889a6544e7427ab3c7c0587
- SHA512
  
  cf5eabff6cdcff3a314d3e884028ad908ab866934af520623e97f7ed9b58834e7c34f3b371288461c627eb7921e8e94a29e0390151134efd46263d3fb3b3cc93
- SSDEEP
  
  24576:U2G/nvxW3Ww0twsabRr96PUyifNzW657ZcGUOXTjieEVFpZ9867SgxeU1nS9x8Ay:UbA30+R0U5xgOFsbP7Bxe0S74yw
Score

10^/10

dcrat discovery evasion infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Dcrat family
  dcrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dcratdiscoveryevasioninfostealerrat

© 2018-2025

Terms | Privacy