Overview

overview

10

Static

static

583DE02EC7...BD.exe

windows7_x64

10

583DE02EC7...BD.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    583DE02EC747F0316FB7B0E59BD858BD.exe

  • Size

    3.2MB

  • Sample

    210407-w56yryyfhe

  • MD5

    583de02ec747f0316fb7b0e59bd858bd

  • SHA1

    89e8b166e20db07846b4abcf81ff69c72e8a87ab

  • SHA256

    777a1b5eb79e751f4684f825ef2a5df80433a2d4e20f921d4f747e904793f3d2

  • SHA512

    f20189cc020395a6e4f8ad639912e0ba9750431ed03487f4f22ab016e1ea260782607c52e499a3d31e6d0793ef3aa847cf0027372c82882c465b785308362492

Score
10/10
darktrackpersistenceratstealer

Malware Config

Targets

    • Target

      583DE02EC747F0316FB7B0E59BD858BD.exe

    • Size

      3.2MB

    • MD5

      583de02ec747f0316fb7b0e59bd858bd

    • SHA1

      89e8b166e20db07846b4abcf81ff69c72e8a87ab

    • SHA256

      777a1b5eb79e751f4684f825ef2a5df80433a2d4e20f921d4f747e904793f3d2

    • SHA512

      f20189cc020395a6e4f8ad639912e0ba9750431ed03487f4f22ab016e1ea260782607c52e499a3d31e6d0793ef3aa847cf0027372c82882c465b785308362492

    Score
    10/10
    darktrackpersistenceratstealer

    • DarkTrack

      DarkTrack is a remote administration tool written in delphi.

      ratstealerdarktrack

    • DarkTrack Payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks