Overview

overview

10

Static

static

a40b2024c8...bc.exe

windows7_x64

10

a40b2024c8...bc.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a40b2024c8c23f5584205a8d30e47161db2853e166748cd2963a82034c3893bc

  • Size

    3.3MB

  • Sample

    220503-cq5r8sfhe8

  • MD5

    71239e1dccf1d01ed9f2eea461a3f6ed

  • SHA1

    47fedfd6367e49b15cb24107c60a4351570da628

  • SHA256

    a40b2024c8c23f5584205a8d30e47161db2853e166748cd2963a82034c3893bc

  • SHA512

    bd6f2948e2919162abae27549cb073ff9a6882b63ba2573d44302c424163dc71f99c8d71984959c0125fc2c2e203adc1607aa1633d002158ca559efd680536c5

Score
10/10
darktrackpersistenceratstealer

Malware Config

Targets

    • Target

      a40b2024c8c23f5584205a8d30e47161db2853e166748cd2963a82034c3893bc

    • Size

      3.3MB

    • MD5

      71239e1dccf1d01ed9f2eea461a3f6ed

    • SHA1

      47fedfd6367e49b15cb24107c60a4351570da628

    • SHA256

      a40b2024c8c23f5584205a8d30e47161db2853e166748cd2963a82034c3893bc

    • SHA512

      bd6f2948e2919162abae27549cb073ff9a6882b63ba2573d44302c424163dc71f99c8d71984959c0125fc2c2e203adc1607aa1633d002158ca559efd680536c5

    Score
    10/10
    darktrackpersistenceratstealer

    • DarkTrack

      DarkTrack is a remote administration tool written in delphi.

      ratstealerdarktrack

    • DarkTrack Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks