dcrat | 2891ed67cda3644765fd94fce012ff41aa4e32fc4c2857e63648803884d76c6f | Triage

Submit
Reports

Overview

overview

Static

static

2891ed67cd...6f.exe

windows7-x64

2891ed67cd...6f.exe

windows10-2004-x64

Sharing

General

Target

2891ed67cda3644765fd94fce012ff41aa4e32fc4c2857e63648803884d76c6f.exe
Size

1.2MB
Sample

240630-bf4azsvckr
MD5

4de89d32568fd0f9669aeb674d72f61f
SHA1

6b8da15ab4ac7cb4d1e8acb9b04c8831994352cb
SHA256

2891ed67cda3644765fd94fce012ff41aa4e32fc4c2857e63648803884d76c6f
SHA512

392befbddd039a82d6da643f8cfc4164bdf22c43ba3685d102be6dc3565f868e7190f6abc1d9dbf3b63d5523d497697b1e84b30523a41ccf86de3db3d8b17664
SSDEEP

24576:3bBJV+TppUZ1xPUglkrp4MRf/DjD83jHQ10nRT:rlU8Pwu8nojHM0nR

Score

10^/10

dcrat infostealer rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

2891ed67cda3644765fd94fce012ff41aa4e32fc4c2857e63648803884d76c6f.exe

Resource

win7-20240508-en

dcrat infostealer rat

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

2891ed67cda3644765fd94fce012ff41aa4e32fc4c2857e63648803884d76c6f.exe

Resource

win10v2004-20240611-en

dcrat infostealer rat

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  2891ed67cda3644765fd94fce012ff41aa4e32fc4c2857e63648803884d76c6f.exe
- Size
  
  1.2MB
- MD5
  
  4de89d32568fd0f9669aeb674d72f61f
- SHA1
  
  6b8da15ab4ac7cb4d1e8acb9b04c8831994352cb
- SHA256
  
  2891ed67cda3644765fd94fce012ff41aa4e32fc4c2857e63648803884d76c6f
- SHA512
  
  392befbddd039a82d6da643f8cfc4164bdf22c43ba3685d102be6dc3565f868e7190f6abc1d9dbf3b63d5523d497697b1e84b30523a41ccf86de3db3d8b17664
- SSDEEP
  
  24576:3bBJV+TppUZ1xPUglkrp4MRf/DjD83jHQ10nRT:rlU8Pwu8nojHM0nR
Score

10^/10

dcrat infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

dcratinfostealerrat

behavioral2

dcratinfostealerrat

© 2018-2024

Terms | Privacy