General

  • Target

    a2e1690e376542244c3c8f4d20f542469b7ce46d0de5a0ba9b9c1197b882aadd

  • Size

    1.3MB

  • Sample

    221101-n1ppjscegm

  • MD5

    093a0f614f6d88c25906d40d88ea1cfd

  • SHA1

    f2fbfc4a4f3cf00f6d1c572280b7746010640e82

  • SHA256

    a2e1690e376542244c3c8f4d20f542469b7ce46d0de5a0ba9b9c1197b882aadd

  • SHA512

    dcc1f5f326d5a952c47a54d19f5bcacf077945fafe1bf8ca75723acc9ab1ba70642442bacce66a6a0d4481532d619cec32a4f5535737282ce26b834e787659cf

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2
