Overview

overview

10

Static

static

10

DCRatBuild.exe

windows11-21h2-x64

10

Resubmissions

01-07-2024 00:40

240701-az927stfrj 10

01-07-2024 00:39

240701-az1tja1arh 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    DCRatBuild.exe

  • Size

    1.9MB

  • Sample

    240701-az1tja1arh

  • MD5

    469d978118f1a8de4a1a5bb33bc81a93

  • SHA1

    295ce921008c39f1f3f0ac1e1ccde97ad5c0f12e

  • SHA256

    5b8f511ca8a386c382cd23b305d295ae406a9aae2392f7543de21d5d67c44ced

  • SHA512

    7d71ac9b37d6ca74339e6a7b8b08a72ba72b8f7fedce1ed6d80703eafb31dd4d5e70de4118cf719292cb3de9cb5f84b27b79492b95e890df143e0c5c295cbc44

  • SSDEEP

    49152:UbA307leyidFZE7vBekGuQ/kp129bxWEvd0:UbIyh70kF/p12A

Score
10/10
dcratevasioninfostealerrat

Malware Config

Targets

    • Target

      DCRatBuild.exe

    • Size

      1.9MB

    • MD5

      469d978118f1a8de4a1a5bb33bc81a93

    • SHA1

      295ce921008c39f1f3f0ac1e1ccde97ad5c0f12e

    • SHA256

      5b8f511ca8a386c382cd23b305d295ae406a9aae2392f7543de21d5d67c44ced

    • SHA512

      7d71ac9b37d6ca74339e6a7b8b08a72ba72b8f7fedce1ed6d80703eafb31dd4d5e70de4118cf719292cb3de9cb5f84b27b79492b95e890df143e0c5c295cbc44

    • SSDEEP

      49152:UbA307leyidFZE7vBekGuQ/kp129bxWEvd0:UbIyh70kF/p12A

    Score
    10/10
    dcratevasioninfostealerrat

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

      ratinfostealerdcrat

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

      rat

    • Disables Task Manager via registry modification

      evasion

    • Executes dropped EXE

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks