dcrat | a23fdeddb683f716be744ef3fe9a8ce2c87b02f5e5c1f6c8bdb70881de528304

Analysis

max time kernel
118s
max time network
124s
platform
windows7_x64
resource
win7-20250207-en
resource tags

arch:x64arch:x86image:win7-20250207-enlocale:en-usos:windows7-x64system
submitted
22/03/2025, 06:16

Target

ce01fc8942b621016741e3fd96b711a32c6375ebea07247fab8b310c8b744ab5.exe
Size

2.0MB
MD5

df757d42baa03d25e763fcdb563282e9
SHA1

14e77f489c862495b7ea6c31e8a5a5b84d49b755
SHA256

ce01fc8942b621016741e3fd96b711a32c6375ebea07247fab8b310c8b744ab5
SHA512

8861b222e7623f661b70d4cbe1cdbb218f53755c98d5b8de628b9cb68b246abfe5b0774f130eea229c81b4ac396c6bbd8dcddc384832f4c9eb5928b66067c4c9
SSDEEP

49152:zrYU+Yy4J8jao9UVlWAOjhRzsiYHjo++xTN:zdxVJC9UqRzsu+8N

Score

10^/10

DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
rat infostealer dcrat
Dcrat family
dcrat

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
behavioral7/memory/2988-1-0x0000000000BE0000-0x0000000000DEA000-memory.dmp	dcrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2988	ce01fc8942b621016741e3fd96b711a32c6375ebea07247fab8b310c8b744ab5.exe

C:\Users\Admin\AppData\Local\Temp\ce01fc8942b621016741e3fd96b711a32c6375ebea07247fab8b310c8b744ab5.exe
"C:\Users\Admin\AppData\Local\Temp\ce01fc8942b621016741e3fd96b711a32c6375ebea07247fab8b310c8b744ab5.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2988

memory/2988-0-0x000007FEF5FA3000-0x000007FEF5FA4000-memory.dmp

Filesize
4KB

Download
memory/2988-1-0x0000000000BE0000-0x0000000000DEA000-memory.dmp

Filesize
2.0MB

Download
memory/2988-2-0x000007FEF5FA0000-0x000007FEF698C000-memory.dmp

Filesize
9.9MB

Download
memory/2988-3-0x0000000000430000-0x000000000043E000-memory.dmp

Filesize
56KB

Download
memory/2988-4-0x0000000000440000-0x000000000044E000-memory.dmp

Filesize
56KB

Download
memory/2988-5-0x000007FEF5FA0000-0x000007FEF698C000-memory.dmp

Filesize
9.9MB

Download