dcrat | f441317d17e6b7c64e1bba5228b509142abe985bd47677a641c3e05f28886cf1 | Triage

Submit
Reports

Overview

overview

Static

static

f9dc41ab7a...72.exe

windows7-x64

f9dc41ab7a...72.exe

windows10-2004-x64

Sharing

General

Target

14fcd197cdb6cdb4c01ce23615c00e53.bin
Size

809KB
Sample

240630-bhgvrs1dqf
MD5

dc13cff63eec89de045847ee08b38a2a
SHA1

d9017f8b2c04fb74a1593a950f7fb66145536c31
SHA256

f441317d17e6b7c64e1bba5228b509142abe985bd47677a641c3e05f28886cf1
SHA512

dadd4e27663d393c72aa6aed900bd20fb154480b4edac7f1658620266f6093146019828399f9e31edd5ed8a5fca9ea8c1e81f7ca2e6573dbea3aef1e3ea9cd6f
SSDEEP

24576:9zuwfJc0AM1mnq+ZKa6HfJRQAA8JIfyc5Pm:tuKJcxu/JR+byim

Score

10^/10

dcrat infostealer rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

f9dc41ab7a043cf887b9737060be951dd11571c5774a8b6ca004b503c1995c72.exe

Resource

win7-20240221-en

dcrat infostealer rat

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

f9dc41ab7a043cf887b9737060be951dd11571c5774a8b6ca004b503c1995c72.exe

Resource

win10v2004-20240508-en

dcrat infostealer rat

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  f9dc41ab7a043cf887b9737060be951dd11571c5774a8b6ca004b503c1995c72.exe
- Size
  
  1.2MB
- MD5
  
  14fcd197cdb6cdb4c01ce23615c00e53
- SHA1
  
  010670457c082a750eca6d28568ed819b1f32559
- SHA256
  
  f9dc41ab7a043cf887b9737060be951dd11571c5774a8b6ca004b503c1995c72
- SHA512
  
  a170f923fbd41d78f60a3ac06fb5b04e867955c07746063a28c861ce9f74c0460ea539f0e900234bbacb02d0485e4fd8355a0a6826d64fcdd8aef5b059997c7b
- SSDEEP
  
  24576:RHIfa4YPdvEo074Zxgzv4AkDKiK0AtSSIb3gqAIj:FIi4noPhUi/Atbc3i
Score

10^/10

dcrat infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

dcratinfostealerrat

behavioral2

dcratinfostealerrat

© 2018-2024

Terms | Privacy