General

  • Target

    e4783aaeb87d9b828bcd1cc5bd3c41f445a7cb0438b60f466d4b3fb9f2e3e9cd

  • Size

    1.3MB

  • Sample

    221101-rcjeeacdh7

  • MD5

    78c681e670234a826bb627f83f5706b1

  • SHA1

    53bd8d9c2c708fdc06f1b0b69d412902b4de0682

  • SHA256

    e4783aaeb87d9b828bcd1cc5bd3c41f445a7cb0438b60f466d4b3fb9f2e3e9cd

  • SHA512

    bf995a79557796e5c56aedd58e63d1086515dcf523f32d8800a4d6fdaf98d2a5c2dbfa1b72249c627dd8365a2daa9bc750d587e1dec77e036aa92d447f737063

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, that is capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Legitimate hosting services abused for malware hosting/C2
