dcrat | a2bf0fc5a323073723c337d9a90e5141bd2ff9ad0b3f70459ee695962f87f8e6 | Triage

Submit
Reports

Overview

overview

Static

static

a2bf0fc5a3...e6.exe

windows7-x64

a2bf0fc5a3...e6.exe

windows10-2004-x64

Sharing

General

Target

a2bf0fc5a323073723c337d9a90e5141bd2ff9ad0b3f70459ee695962f87f8e6
Size

827KB
Sample

250206-degrpszqcs
MD5

23d0dbe545edf5e3f6d5f89306091acb
SHA1

d2aa733c6e5bcfd64030c810014c09e52eb64474
SHA256

a2bf0fc5a323073723c337d9a90e5141bd2ff9ad0b3f70459ee695962f87f8e6
SHA512

65e3f360ccf29130b709ca6ba06f7809578bd860e7bc12da1631467899db017feeaf92fa804c797ccbcaa96c97ed7911a1e7021a8c5df84779e66caa8bf8f69a
SSDEEP

12288:THO6O1v7cpNWrqV908Etd+U4UCrw3EO9VENXJMV5SEZd0ju:b0v7cpXVe8EtwUtD3ET6SEZR

Score

10^/10

dcrat infostealer rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

a2bf0fc5a323073723c337d9a90e5141bd2ff9ad0b3f70459ee695962f87f8e6.exe

Resource

win7-20240903-en

dcrat infostealer rat

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

a2bf0fc5a323073723c337d9a90e5141bd2ff9ad0b3f70459ee695962f87f8e6.exe

Resource

win10v2004-20250129-en

dcrat infostealer rat

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  a2bf0fc5a323073723c337d9a90e5141bd2ff9ad0b3f70459ee695962f87f8e6
- Size
  
  827KB
- MD5
  
  23d0dbe545edf5e3f6d5f89306091acb
- SHA1
  
  d2aa733c6e5bcfd64030c810014c09e52eb64474
- SHA256
  
  a2bf0fc5a323073723c337d9a90e5141bd2ff9ad0b3f70459ee695962f87f8e6
- SHA512
  
  65e3f360ccf29130b709ca6ba06f7809578bd860e7bc12da1631467899db017feeaf92fa804c797ccbcaa96c97ed7911a1e7021a8c5df84779e66caa8bf8f69a
- SSDEEP
  
  12288:THO6O1v7cpNWrqV908Etd+U4UCrw3EO9VENXJMV5SEZd0ju:b0v7cpXVe8EtwUtD3ET6SEZR
Score

10^/10

dcrat infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Dcrat family
  dcrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dcratinfostealerrat

behavioral2

dcratinfostealerrat

© 2018-2025

Terms | Privacy