General

  • Target

    c338e890e3b9721481fe183cf64376d2f090386e5ab69c64d3f72320b3a6be6a

  • Size

    1.3MB

  • Sample

    221031-y2lpdsdedk

  • MD5

    2be15113f92e3909a82568a8dd01ced1

  • SHA1

    d622c728957115f4e603a32c9e21fed24f2fe46f

  • SHA256

    c338e890e3b9721481fe183cf64376d2f090386e5ab69c64d3f72320b3a6be6a

  • SHA512

    263ba1772ae48c71a6c95e6ec5a7b99b8586417831f55e1f946c88d7e4da53bb43e62f143e06232793b8f18cd6eb99bce448f2d5215b8d2cd81ceb0277fcacf9

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2
