Overview

overview

10

Static

static

10

dridex

windows10-1703-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    f6506fa23e616a8c85f6c5ce7b1f5ccd814b2404794cba30e8fe80016b516d62

  • Size

    1.3MB

  • Sample

    221101-sk3npachf7

  • MD5

    a074082917e812b308a8a845e5a3a6d9

  • SHA1

    f775cb6dd9c54d05014e80366207dad374751366

  • SHA256

    f6506fa23e616a8c85f6c5ce7b1f5ccd814b2404794cba30e8fe80016b516d62

  • SHA512

    be6734325ac6a46d5abed0f45c2fdcabfa509d5d6ac2ef949a3a3856f3a93512243009c7d24b4d95a7cb5e0758c67b4e195700519d72a703e9f0383ebcafbebc

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10
dcratinfostealerrat

Malware Config

Targets

    • Target

      f6506fa23e616a8c85f6c5ce7b1f5ccd814b2404794cba30e8fe80016b516d62

    • Size

      1.3MB

    • MD5

      a074082917e812b308a8a845e5a3a6d9

    • SHA1

      f775cb6dd9c54d05014e80366207dad374751366

    • SHA256

      f6506fa23e616a8c85f6c5ce7b1f5ccd814b2404794cba30e8fe80016b516d62

    • SHA512

      be6734325ac6a46d5abed0f45c2fdcabfa509d5d6ac2ef949a3a3856f3a93512243009c7d24b4d95a7cb5e0758c67b4e195700519d72a703e9f0383ebcafbebc

    • SSDEEP

      24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

    Score
    10/10
    dcratinfostealerrat

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

      ratinfostealerdcrat

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

      rat

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks