General

  • Target

    0ef1669b5a2a031943ebcc66dd1664ad.exe

  • Size

    965KB

  • Sample

    220915-lpnxrsgceq

  • MD5

    0ef1669b5a2a031943ebcc66dd1664ad

  • SHA1

    13a11b03ad5ad87dbf9ae194bf96253f5fe48f24

  • SHA256

    640c60b075e866cfb3247d92043087ecf89802db24124bd97f1ca1bffa062ccd

  • SHA512

    57c40f13fe0fe14b0dce388f4f8ee64d7965e216f2fb700b29fefc3d1e65d4fc89ea90fa01b74aa5660e0e00077f7e84ec3e6a94a28a5d429f29f494569d60cb

  • SSDEEP

    12288:+K5wpf3kJ7CZIgNw9DAlnZcUUNHuZdYD1cDN+jQ5x+lbbAKLCwzgMl+Vp:R5wp/0CZwDAlnvPa1fjmKbbj+I0

Score
10/10

Targets

    • Target

      0ef1669b5a2a031943ebcc66dd1664ad.exe

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.
