Overview

overview

10

Static

static

10

2fd35a47c2...1d.exe

windows7_x64

10

2fd35a47c2...1d.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2fd35a47c26de70495d7abd6e8704e1d.exe

  • Size

    1.4MB

  • Sample

    210714-z72rt7sg8n

  • MD5

    2fd35a47c26de70495d7abd6e8704e1d

  • SHA1

    f157f9515ba04c7532e1908b578fe37a873cda76

  • SHA256

    f60133f0545df116739879fd080e0fc688aece721a4123612ebaa479c2c551e0

  • SHA512

    993beeba72931cbc5084161bd11f4b759c5ee191de4920e86882624d9d66a34aa4683d522648dc40f03a46e7f6fdb015072280bb79160d0dc12e929009e4253c

Score
10/10
dcratinfostealerrat

Malware Config

Targets

    • Target

      2fd35a47c26de70495d7abd6e8704e1d.exe

    • Size

      1.4MB

    • MD5

      2fd35a47c26de70495d7abd6e8704e1d

    • SHA1

      f157f9515ba04c7532e1908b578fe37a873cda76

    • SHA256

      f60133f0545df116739879fd080e0fc688aece721a4123612ebaa479c2c551e0

    • SHA512

      993beeba72931cbc5084161bd11f4b759c5ee191de4920e86882624d9d66a34aa4683d522648dc40f03a46e7f6fdb015072280bb79160d0dc12e929009e4253c

    Score
    10/10
    dcratinfostealerrat

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

      ratinfostealerdcrat

    • DCRat Payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks