dcrat | 132d69a651072381fe311769b255409aba8304c3a5d1fd12037646222ed00700 | Triage

Submit
Reports

Overview

overview

Static

static

3

132d69a651...00.exe

windows7-x64

132d69a651...00.exe

windows10-2004-x64

Sharing

General

Target

132d69a651072381fe311769b255409aba8304c3a5d1fd12037646222ed00700.exe
Size

2.1MB
Sample

250124-j7qszaynhs
MD5

ec146a2e37bd9c70ab7fc5201db99f34
SHA1

dd50c65dfaae886a8d52e6ff4d7db85be23f7409
SHA256

132d69a651072381fe311769b255409aba8304c3a5d1fd12037646222ed00700
SHA512

f52aba728d5a824ebfe028e6a1949cf18ea84b6a424fd190e9539aee04245adfad9e8160e0f83f5d80c0693dcb61c6eefef6c793a34d2eb4e1ed79b5724866d9
SSDEEP

24576:2TbBv5rUyXV5gDkCxpg6CEyXvV/XwNXHOEAlSvZmBraKlTwCg4HNavM1TFvWiPR4:IBJONP2Vw9Z2SvZik34t0qJ/oYehq9+

Score

10^/10

dcrat defense_evasion discovery infostealer rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

132d69a651072381fe311769b255409aba8304c3a5d1fd12037646222ed00700.exe

Resource

win7-20240903-en

dcrat defense_evasion discovery infostealer rat

windows7-x64

14 signatures

120 seconds

Behavioral task

behavioral2

Sample

132d69a651072381fe311769b255409aba8304c3a5d1fd12037646222ed00700.exe

Resource

win10v2004-20241007-en

dcrat defense_evasion discovery infostealer rat

windows10-2004-x64

16 signatures

120 seconds

Malware Config

Targets

- Target
  
  132d69a651072381fe311769b255409aba8304c3a5d1fd12037646222ed00700.exe
- Size
  
  2.1MB
- MD5
  
  ec146a2e37bd9c70ab7fc5201db99f34
- SHA1
  
  dd50c65dfaae886a8d52e6ff4d7db85be23f7409
- SHA256
  
  132d69a651072381fe311769b255409aba8304c3a5d1fd12037646222ed00700
- SHA512
  
  f52aba728d5a824ebfe028e6a1949cf18ea84b6a424fd190e9539aee04245adfad9e8160e0f83f5d80c0693dcb61c6eefef6c793a34d2eb4e1ed79b5724866d9
- SSDEEP
  
  24576:2TbBv5rUyXV5gDkCxpg6CEyXvV/XwNXHOEAlSvZmBraKlTwCg4HNavM1TFvWiPR4:IBJONP2Vw9Z2SvZik34t0qJ/oYehq9+
Score

10^/10

dcrat defense_evasion discovery infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Dcrat family
  dcrat
- Disables Task Manager via registry modification
  defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dcratdefense_evasiondiscoveryinfostealerrat

behavioral2

dcratdefense_evasiondiscoveryinfostealerrat

© 2018-2025

Terms | Privacy