General

  • Target

    DCRatBuild.exe

  • Size

    442KB

  • Sample

    210121-vtbwaxdqpa

  • MD5

    913b7d776a238629ac88e0a691307f6a

  • SHA1

    15b47a35322e74a52b9593bb0c9522fb9af59448

  • SHA256

    c55718c9e517722c298ff4020b9464004c1190cdb1b152f8e0d056e7999848df

  • SHA512

    fd572624b66db65ba465f9baad95741198832f8e75d8ba93f04f860292d1d707234f81a70b9c464bf6c71cc0e14c59c3ba2e01193e3e53ace767a8337d293969

Score
10/10

Malware Config

Targets

    • Target

      DCRatBuild.exe

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

MITRE ATT&CK Enterprise v6

Tasks