General

  • Target

    2a097b6528b1d69d02c3b35a9209ecc4.exe

  • Size

    992KB

  • Sample

    220929-1q2mkscae8

  • MD5

    2a097b6528b1d69d02c3b35a9209ecc4

  • SHA1

    47b4d6dcb3314e0bb75b99c305dadb36ed2ce27b

  • SHA256

    ba921e5bd4687eec051d4e646756bb2930ec900abf061b94761d6944f906afba

  • SHA512

    99cf27c3384774696a3314d29bf5d24e3a36593923c376be4bc77e113138101f9b0e4953c5547f5aecf94ba1f08de48a749401f84d270dbfa2c6de707835756c

  • SSDEEP

    24576:pAOcZFOuDCeExG55TnnQlEqnEchu2NHQqW:DIDC/0z47Ec02NwZ

Score
10/10

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Loads dropped DLL
