Overview

overview

10

Static

static

13f834e84b...f7.exe

windows7_x64

10

13f834e84b...f7.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    13f834e84beb9208eaba2a22a286bcf7.exe

  • Size

    1.5MB

  • Sample

    220513-epmldaccb8

  • MD5

    13f834e84beb9208eaba2a22a286bcf7

  • SHA1

    0c362d1880081df5e1101f2f6d5c60f29d5a2f8d

  • SHA256

    f3c0ce87c47d8a905458f935d7e1f09492dcc0e9e3d921d99391d7226961eb5d

  • SHA512

    f18801e6691980f17d4fe29c59db74084b78c3d203406803380f3d477ef337c5c9828bde585be04ea5646880d12e149af0da19c9eae77917463d4e015e23300c

Score
10/10
dcratinfostealerratspywarestealersuricata

Malware Config

Targets

    • Target

      13f834e84beb9208eaba2a22a286bcf7.exe

    • Size

      1.5MB

    • MD5

      13f834e84beb9208eaba2a22a286bcf7

    • SHA1

      0c362d1880081df5e1101f2f6d5c60f29d5a2f8d

    • SHA256

      f3c0ce87c47d8a905458f935d7e1f09492dcc0e9e3d921d99391d7226961eb5d

    • SHA512

      f18801e6691980f17d4fe29c59db74084b78c3d203406803380f3d477ef337c5c9828bde585be04ea5646880d12e149af0da19c9eae77917463d4e015e23300c

    Score
    10/10
    dcratinfostealerratspywarestealersuricata

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

      ratinfostealerdcrat

    • suricata: ET MALWARE DCRAT Activity (GET)

      suricata: ET MALWARE DCRAT Activity (GET)

      suricata

    • DCRat Payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

      rat

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks