Overview

overview

10

Static

static

10

dridex

windows10-1703-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    7a40faddc7c35c2492ca5e7561867920f01702a2424b131f63d5eceaed1073ff

  • Size

    1.3MB

  • Sample

    221101-m9p61abca9

  • MD5

    82b6dd42751fa71c1b524bc01d4c65f3

  • SHA1

    cebe8cb406b6cbcacfcc677faa8299a64bbcb136

  • SHA256

    7a40faddc7c35c2492ca5e7561867920f01702a2424b131f63d5eceaed1073ff

  • SHA512

    1da398123e2470f1e67b9f4c9b3797b70b1e51cef6a0faa16189e8d453118fcadfc413196ee9849660a26d4558f3f8897a86dbb1dbcec8d8804e3167369ed6a0

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10
dcratinfostealerrat

Malware Config

Targets

    • Target

      7a40faddc7c35c2492ca5e7561867920f01702a2424b131f63d5eceaed1073ff

    • Size

      1.3MB

    • MD5

      82b6dd42751fa71c1b524bc01d4c65f3

    • SHA1

      cebe8cb406b6cbcacfcc677faa8299a64bbcb136

    • SHA256

      7a40faddc7c35c2492ca5e7561867920f01702a2424b131f63d5eceaed1073ff

    • SHA512

      1da398123e2470f1e67b9f4c9b3797b70b1e51cef6a0faa16189e8d453118fcadfc413196ee9849660a26d4558f3f8897a86dbb1dbcec8d8804e3167369ed6a0

    • SSDEEP

      24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

    Score
    10/10
    dcratinfostealerrat

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

      ratinfostealerdcrat

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

      rat

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks