Extracted

• • Target

    file.exe

  • Size

    455KB

  • MD5

    7da4f28ff1f32712b6e1040ca084f15a

  • SHA1

    24780c059523125cf643cd17ef4e86d0907ecad0

  • SHA256

    464dcd506637588f1640550f411af1a56a1d9784e61e43e9bcf247b3243211e8

  • SHA512

    cf85cd8562c1e2ce8fe08542a6cb0a70b7e7ca5b5ace4de709b93ffac9fda5366d59c7f39d6887f8ce583d26c107b95c4b29fc85dbf5523261ca6a2601d6412d

  • SSDEEP

    6144:3EQjpzNsFX8NxTCQBppX8fRqUqudKr48GASVb/53qDxEw7gn5UkgPaMAOJCgO4o:3TkOjpsfcUqudKmuH7gSkbMDCHl

  Score

  10^/10

  redline5497250084infostealerspywaredcratrat

  • DcRat

    DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    ratinfostealerdcrat

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • DCRat payload

    Detects payload of DCRat, commonly dropped by NSIS installers.

    rat

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Suspicious use of SetThreadContext

  behavioral1behavioral2