dcrat | ec57a5693533b024615c157ec0e3867b2eb73a65a12c20501ef8ff00ffd8f65c

Analysis

max time kernel
103s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
22/03/2025, 06:13

Target

7b61ae4f030c2ff2d514149d23e413fd0ca5044e4330887faebb33446b4e4792.exe
Size

2.0MB
MD5

47c581f4beadfb88d5c8bff1b15c3d85
SHA1

7769ee60673d2816af999760c3d5f963cbd32833
SHA256

7b61ae4f030c2ff2d514149d23e413fd0ca5044e4330887faebb33446b4e4792
SHA512

66450111504a6af2e104ce2bf35eaf0cf09bd3ef77338a954622b6e41cc7c1106e88408591f872004baf49bb84d2f6ad49e351a11fe29ce685deaf7e948c55c0
SSDEEP

49152:7rYU+Yy4J8jao9UVlWAOjhRzsiYHjo++xTN:7dxVJC9UqRzsu+8N

Score

10^/10

DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
rat infostealer dcrat
Dcrat family
dcrat

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
behavioral16/memory/772-1-0x00000000008C0000-0x0000000000ACA000-memory.dmp	dcrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	772	7b61ae4f030c2ff2d514149d23e413fd0ca5044e4330887faebb33446b4e4792.exe

C:\Users\Admin\AppData\Local\Temp\7b61ae4f030c2ff2d514149d23e413fd0ca5044e4330887faebb33446b4e4792.exe
"C:\Users\Admin\AppData\Local\Temp\7b61ae4f030c2ff2d514149d23e413fd0ca5044e4330887faebb33446b4e4792.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:772

memory/772-0-0x00007FFE59BD3000-0x00007FFE59BD5000-memory.dmp

Filesize
8KB

Download
memory/772-1-0x00000000008C0000-0x0000000000ACA000-memory.dmp

Filesize
2.0MB

Download
memory/772-2-0x00007FFE59BD0000-0x00007FFE5A691000-memory.dmp

Filesize
10.8MB

Download
memory/772-3-0x0000000002BC0000-0x0000000002BCE000-memory.dmp

Filesize
56KB

Download
memory/772-4-0x0000000002BD0000-0x0000000002BDE000-memory.dmp

Filesize
56KB

Download
memory/772-6-0x00007FFE59BD0000-0x00007FFE5A691000-memory.dmp

Filesize
10.8MB

Download