dcrat | b2745f51ed35c1ecef03c466af5872c79a50cbf57f1b398c7c368f70c48dceac | Triage

Submit
Reports

Overview

overview

Static

static

3

DoxoGram.exe

windows10-2004-x64

Sharing

General

Target

DoxoGram.exe
Size

164.7MB
Sample

250205-trbdfstpdz
MD5

c3a81a9e5fafbb1c0d52befb0d4d5f70
SHA1

a22703fb5ea58a669189be756bea90b875b189e5
SHA256

b2745f51ed35c1ecef03c466af5872c79a50cbf57f1b398c7c368f70c48dceac
SHA512

96a78469b9730116cb5dc9e9ea9703d080e90a817da56fd557ad63faa59c54e74c683afa4dd32fa61cd504aa44616b5c3b9ea9151fc2eec589e5cc3cbfa9b525
SSDEEP

24576:zTbBv5rUdzf3fDhPCGgZrYLolvaongbHIBnS9JoLUIMxjqkUztx0/ceaEj1PtM:tBK/8aEgbQS9JoLUrxWlZx3ej

Score

10^/10

dcrat discovery infostealer rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

DoxoGram.exe

Resource

win10v2004-20250129-en

dcrat discovery infostealer rat

windows10-2004-x64

15 signatures

600 seconds

Malware Config

Targets

- Target
  
  DoxoGram.exe
- Size
  
  164.7MB
- MD5
  
  c3a81a9e5fafbb1c0d52befb0d4d5f70
- SHA1
  
  a22703fb5ea58a669189be756bea90b875b189e5
- SHA256
  
  b2745f51ed35c1ecef03c466af5872c79a50cbf57f1b398c7c368f70c48dceac
- SHA512
  
  96a78469b9730116cb5dc9e9ea9703d080e90a817da56fd557ad63faa59c54e74c683afa4dd32fa61cd504aa44616b5c3b9ea9151fc2eec589e5cc3cbfa9b525
- SSDEEP
  
  24576:zTbBv5rUdzf3fDhPCGgZrYLolvaongbHIBnS9JoLUIMxjqkUztx0/ceaEj1PtM:tBK/8aEgbQS9JoLUrxWlZx3ej
Score

10^/10

dcrat discovery infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Dcrat family
  dcrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dcratdiscoveryinfostealerrat

© 2018-2025

Terms | Privacy