dcrat

General

Target

injector.zip
Size

5.7MB
Sample

210715-hdbmqll9yj
MD5

429b49343c83087287faba8dd4d57c11
SHA1

ee87878c2292af1d7a71129baa91bc356f57efa0
SHA256

1e5acd9ae46d8522885ed418f362d0e4e5348b493ff8437d635e360c7f00aef1
SHA512

0cb9030df494943019334fd8b366159b45868d9ceba78a3f519fbd40e494c465541e5443062dd631a38318213a3d9d9f0ddeae1c06125ff56c8ef2c68f867b4d

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

@design_stalkar

C2

185.186.142.83:29867

Targets

- Target
  
  injector.exe
- Size
  
  464KB
- MD5
  
  17cdde0e896e4a1bf5d8b376346c4d40
- SHA1
  
  6a1a5d06a351a23571d436c5f480fc6c0bf2267b
- SHA256
  
  33358691144fd04943b0de774643ba673448b6d7e616d482beb5200d09f9beeb
- SHA512
  
  43aa0de352de5930434951e6f79aa6f0175bc779858818aac0fc407e8dfcf4712df5d0bbea43953291b373ae2fec7ff5b4379f2bf16cf03fc2e3b2daec96c16c
Score

10^/10

upx dcrat redline @design_stalkar discovery infostealer rat spyware stealer
- DCrat
  DarkCrystalrat.
  rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- DCRat Payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  platforms/qwindows.dll
- Size
  
  1005KB
- MD5
  
  be068132ece3f794f09c9d6b5ba20b91
- SHA1
  
  859599fa72d128e33db6fe99ba95a8b63b15cc89
- SHA256
  
  59dcecb111aa15159414819f4f522e7f90597939cab572b982beebee5dc0efdf
- SHA512
  
  13829ae9b7bd0cba95800075b24570f3c70a6c4b3d4b3c4da76b0077e37c75194e929d8d56a2db69e22a319ba5077d188a6f3baedd1f69f79979717d6f6d1b6f
Score

1^/10
behavioral3 behavioral4
- Target
  
  updater.ini
- Size
  
  219KB
- MD5
  
  12f2bfc50beccac7da7e5bda20038502
- SHA1
  
  3832254fc525ec0d022b20c55ae819d3d54cef28
- SHA256
  
  d754d33bccde2b2600d052f86afadea348f6a7171561dcd9906800bbab48cfd9
- SHA512
  
  b43f43733dc394df4ea5c59483e87b0b085a7eee74986c8543b8cf1e4a2e76d5fd89b523d376569380d83a4e16a845f39088ca2f348f2168861962692eb8439f
Score

3^/10
behavioral5 behavioral6