dcrat | 32619382ab72416dff258bff30a8b505d6e69e818345612892a121c28f3b23b0 | Triage

Submit
Reports

Overview

overview

Static

static

Modrinth.exe

windows7-x64

Modrinth.exe

windows10-2004-x64

Sharing

General

Target

Modrinth.exe
Size

6.8MB
Sample

240704-yn8l1aybrh
MD5

21cad48edbc93da2d1e1ab6f6632461a
SHA1

667a584eae5a57937d66d64249c26c8b1b2abf8f
SHA256

32619382ab72416dff258bff30a8b505d6e69e818345612892a121c28f3b23b0
SHA512

9125263a9b31336d350e19f9c79460038f7a6c48db109001e93fd8d7e8aba30c3bf44a362c4f3ee87294d3cf9052cbc8d7da518d34356212cb6f914a9990a21d
SSDEEP

196608:UQKQUc/HMlS2JxmYcmcg7XGqb6Msq51GPo:XKwslSDVoXGe1GQ

Score

10^/10

dcrat infostealer rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Modrinth.exe

Resource

win7-20240508-en

dcrat infostealer rat

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

Modrinth.exe

Resource

win10v2004-20240704-en

dcrat infostealer rat

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  Modrinth.exe
- Size
  
  6.8MB
- MD5
  
  21cad48edbc93da2d1e1ab6f6632461a
- SHA1
  
  667a584eae5a57937d66d64249c26c8b1b2abf8f
- SHA256
  
  32619382ab72416dff258bff30a8b505d6e69e818345612892a121c28f3b23b0
- SHA512
  
  9125263a9b31336d350e19f9c79460038f7a6c48db109001e93fd8d7e8aba30c3bf44a362c4f3ee87294d3cf9052cbc8d7da518d34356212cb6f914a9990a21d
- SSDEEP
  
  196608:UQKQUc/HMlS2JxmYcmcg7XGqb6Msq51GPo:XKwslSDVoXGe1GQ
Score

10^/10

dcrat infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

dcratinfostealerrat

behavioral2

dcratinfostealerrat

© 2018-2024

Terms | Privacy