dcrat | 201b19bee9b23aa8e7b3dbd48c26807575d1afefc93b3c48919c53c2f783efe8 | Triage

Submit
Reports

Overview

overview

Static

static

3

mapper.exe

windows10-2004-x64

Sharing

General

Target

mapper.exe
Size

2.2MB
Sample

250127-vcrbssxrft
MD5

fa4133a7fdab4e145e1f314517e0aea6
SHA1

198e79c9360e4862c8b3f31753b79d8b30de2bc0
SHA256

201b19bee9b23aa8e7b3dbd48c26807575d1afefc93b3c48919c53c2f783efe8
SHA512

e788806d5b28a58ea36020a5c0182ced2c8432f184196e90c5dc908d0fae16b6e7b7db43c15318050a2ed2e5af1dc92400a10bbec884c8c8500d194af78f23c8
SSDEEP

24576:PFOaMTbBv5rUyXVDUcOnLthC1NYSwMqIX/UgNG0Bb1+M/zRP9Edn6xk7ha5KnJUy:t6BJZOKwMqE/U4vBsMrYn6mha5uJ6Q0O

Score

10^/10

dcrat defense_evasion discovery infostealer persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

mapper.exe

Resource

win10v2004-20241007-en

dcrat defense_evasion discovery infostealer persistence rat

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  mapper.exe
- Size
  
  2.2MB
- MD5
  
  fa4133a7fdab4e145e1f314517e0aea6
- SHA1
  
  198e79c9360e4862c8b3f31753b79d8b30de2bc0
- SHA256
  
  201b19bee9b23aa8e7b3dbd48c26807575d1afefc93b3c48919c53c2f783efe8
- SHA512
  
  e788806d5b28a58ea36020a5c0182ced2c8432f184196e90c5dc908d0fae16b6e7b7db43c15318050a2ed2e5af1dc92400a10bbec884c8c8500d194af78f23c8
- SSDEEP
  
  24576:PFOaMTbBv5rUyXVDUcOnLthC1NYSwMqIX/UgNG0Bb1+M/zRP9Edn6xk7ha5KnJUy:t6BJZOKwMqE/U4vBsMrYn6mha5uJ6Q0O
Score

10^/10

dcrat defense_evasion discovery infostealer persistence rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Dcrat family
  dcrat
- Modifies visiblity of hidden/system files in Explorer
  defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dcratdefense_evasiondiscoveryinfostealerpersistencerat

© 2018-2025

Terms | Privacy