dcrat | ba4ee013fcd8d368e3dce52e5e71f9ce2256aff2b994e9d06ed591b30ef6345d | Triage

Sharing

General

Target

stand.zip
Size

18.8MB
Sample

250125-a4jqtaxjds
MD5

47bf289d087bd0a29f8e2623f1afcb3c
SHA1

a0ee3d9e972280c3413e37499bea3ac31deb1405
SHA256

ba4ee013fcd8d368e3dce52e5e71f9ce2256aff2b994e9d06ed591b30ef6345d
SHA512

67c911ae8962cd38717c59a12a51dd5adb9efc4fed8f33ca91455d3c195dc256d646f0ca1363b90f23f603fd03e8bd60a9824747b9abf52fa23ef359b49f8a86
SSDEEP

393216:reP3BpSbKdHVhrdC2XiSVatPV/4102REtmBpHfxULXG5qX19c9Tcr:r8RpS27hpC4HQEWJtmBBf6L25+e2r

Score

10^/10

dcrat discovery execution infostealer rat

Malware Config

Targets

- Target
  
  stand.exe
- Size
  
  40.8MB
- MD5
  
  9901c3d5708e8490d8ba6d3732fd4a64
- SHA1
  
  a40f732caa8e91909dc929df14ad003aeb9bde42
- SHA256
  
  067672927a61dc4b5d2c1850c4b6219ff42537b0758475dae2a43ddb0250f0c8
- SHA512
  
  8f310f41f3366a65be2f43437796cae84c0a8e0881d7ee1488468cd41a66f4b45e6ffcd85447ff935856b5fd9de601f2551cd710e8a50adc1c30641627acc856
- SSDEEP
  
  393216:f1Du8BtuBw2FEL3Z3aLUoQvo6LP/SgbSpYvKEh1EdKwlGQKPJuGsiTfREsrgCYfC:fMguj8Q4VfvCqFTrYZ7ORuV0gAX
Score

10^/10

dcrat discovery execution infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Dcrat family
  dcrat
- DCRat payload
  rat
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

dcratdiscoveryexecutioninfostealerrat