dcrat | 1c281aad64e57aed57f78a3a35797381309c161e89e70a6803f3ec166fb29c19 | Triage

Submit
Reports

Overview

overview

Static

static

1c281aad64...19.exe

windows7-x64

1c281aad64...19.exe

windows10-2004-x64

Sharing

General

Target

1c281aad64e57aed57f78a3a35797381309c161e89e70a6803f3ec166fb29c19.exe
Size

828KB
Sample

250127-ehel7a1jck
MD5

46ab1dde1bac98a34cb41166f659db27
SHA1

f12b50ad32d9290d977322c7fb9594ac54d7b64a
SHA256

1c281aad64e57aed57f78a3a35797381309c161e89e70a6803f3ec166fb29c19
SHA512

4890f12e5fbd6f928936ccc2e2cd67414e339d4f2058b84a5cee73ad7600bc2dc5bf0368581781c047620abfa4df9e3fddcb9185f88222d574d6503f67d897b9
SSDEEP

12288:gF+JPdVQB7gH+F44vYVYJ21H3z2oLtubNUPX08fab:gFcVU7gG44vYVH1H/obyCb

Score

10^/10

dcrat infostealer rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

1c281aad64e57aed57f78a3a35797381309c161e89e70a6803f3ec166fb29c19.exe

Resource

win7-20240903-en

dcrat infostealer rat

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

1c281aad64e57aed57f78a3a35797381309c161e89e70a6803f3ec166fb29c19.exe

Resource

win10v2004-20241007-en

dcrat infostealer rat

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  1c281aad64e57aed57f78a3a35797381309c161e89e70a6803f3ec166fb29c19.exe
- Size
  
  828KB
- MD5
  
  46ab1dde1bac98a34cb41166f659db27
- SHA1
  
  f12b50ad32d9290d977322c7fb9594ac54d7b64a
- SHA256
  
  1c281aad64e57aed57f78a3a35797381309c161e89e70a6803f3ec166fb29c19
- SHA512
  
  4890f12e5fbd6f928936ccc2e2cd67414e339d4f2058b84a5cee73ad7600bc2dc5bf0368581781c047620abfa4df9e3fddcb9185f88222d574d6503f67d897b9
- SSDEEP
  
  12288:gF+JPdVQB7gH+F44vYVYJ21H3z2oLtubNUPX08fab:gFcVU7gG44vYVH1H/obyCb
Score

10^/10

dcrat infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Dcrat family
  dcrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dcratinfostealerrat

behavioral2

dcratinfostealerrat

© 2018-2025

Terms | Privacy