Overview

overview

10

Static

static

AA2356A089...B0.exe

windows7_x64

10

AA2356A089...B0.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    AA2356A089DEA9B1884085A9C12401C149F47533851B0.exe

  • Size

    641KB

  • Sample

    210615-b65xfypra2

  • MD5

    62137247f4c2e5f4f60543a318a4c092

  • SHA1

    2372a8c8638272f9508f5d1a8cb4a1688b9e5fa3

  • SHA256

    aa2356a089dea9b1884085a9c12401c149f47533851b05e284196d42695c76cb

  • SHA512

    dd531d4b6b3682c5b7b0f8ddac3ae3b8fa45468a691a09a88090296cdbb8c522c8b58d36b226a7f3104eadc94eb7a1e1e3a429a0b08775878dd1865488379dfa

Score
10/10
dcratinfostealerratspywarestealer

Malware Config

Targets

    • Target

      AA2356A089DEA9B1884085A9C12401C149F47533851B0.exe

    • Size

      641KB

    • MD5

      62137247f4c2e5f4f60543a318a4c092

    • SHA1

      2372a8c8638272f9508f5d1a8cb4a1688b9e5fa3

    • SHA256

      aa2356a089dea9b1884085a9c12401c149f47533851b05e284196d42695c76cb

    • SHA512

      dd531d4b6b3682c5b7b0f8ddac3ae3b8fa45468a691a09a88090296cdbb8c522c8b58d36b226a7f3104eadc94eb7a1e1e3a429a0b08775878dd1865488379dfa

    Score
    10/10
    dcratinfostealerratspywarestealer

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

      ratinfostealerdcrat

    • DCRat Payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

      rat

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks