darktrack | a828743c3f2f5d2faf7271d90a8ba6bed316ad29d3021d5d62bd832374cbeb1c | Triage

Submit
Reports

Overview

overview

Static

static

dfb278405d...42.exe

windows7_x64

dfb278405d...42.exe

windows10-2004_x64

Sharing

General

Target

dfb278405d6f2c0795936304f4c8d2e572be0d2699477d5b68b4fcff67f9bf42.zip
Size

398KB
Sample

220407-qlz8vadfhm
MD5

028fb5fa3b8c45582b11b245ac7a5eb4
SHA1

5bd77c6677e557057f3b374c852f3f2687e8a885
SHA256

a828743c3f2f5d2faf7271d90a8ba6bed316ad29d3021d5d62bd832374cbeb1c
SHA512

e02c158668207eebc1c9bd22232596c456631889798811d9c4747ab53fbf4cb13692cc432c9f145acf10de9e29aa461dfeb43bc3fdec3e4d4da71b052db53497

Score

10^/10

darktrack persistence rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

dfb278405d6f2c0795936304f4c8d2e572be0d2699477d5b68b4fcff67f9bf42.exe

Resource

win7-20220331-en

darktrack persistence rat stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

dfb278405d6f2c0795936304f4c8d2e572be0d2699477d5b68b4fcff67f9bf42.exe

Resource

win10v2004-20220331-en

darktrack persistence rat stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  dfb278405d6f2c0795936304f4c8d2e572be0d2699477d5b68b4fcff67f9bf42.exe
- Size
  
  627KB
- MD5
  
  af776fc957e51c8846258b4d8004e1a1
- SHA1
  
  3baed603d9b56e085d56371397595f81edcf7b70
- SHA256
  
  dfb278405d6f2c0795936304f4c8d2e572be0d2699477d5b68b4fcff67f9bf42
- SHA512
  
  dc1d06d9d55d5bfd008d3f1e272c60440b777552dccb76858b062d1affbeae4f6c84429e2db8df5c8bd25edfd4a6afef5b81d76eaa801e36d5b7efdd1e3f92ef
Score

10^/10

darktrack persistence rat stealer
- DarkTrack
  DarkTrack is a remote administration tool written in delphi.
  rat stealer darktrack
- DarkTrack Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darktrackpersistenceratstealer

behavioral2

darktrackpersistenceratstealer

© 2018-2024

Terms | Privacy