General
Target: DCRatBuild.exe
Size: 442KB
Sample: 210121-vtbwaxdqpa
MD5: 913b7d776a238629ac88e0a691307f6a
SHA1: 15b47a35322e74a52b9593bb0c9522fb9af59448
SHA256: c55718c9e517722c298ff4020b9464004c1190cdb1b152f8e0d056e7999848df
SHA512: fd572624b66db65ba465f9baad95741198832f8e75d8ba93f04f860292d1d707234f81a70b9c464bf6c71cc0e14c59c3ba2e01193e3e53ace767a8337d293969
Static task: static1
Behavioral task: behavioral1
Sample: DCRatBuild.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: DCRatBuild.exe
Resource: win10v20201028
Malware Config
Targets
Target: DCRatBuild.exe
Score: 10/10
Suspicious use of NtCreateProcessExOtherParentProcess
Executes dropped EXE
Loads dropped DLL
Enumerates physical storage devices: Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.