General

  • Target

    7f5129a9119cda6b473e2e874d4a74425cf1baff300a471a679128df7897b8d0

  • Size

    1.3MB

  • Sample

    221102-bxwx8sgdf6

  • MD5

    953fe6824c68cdc72a9a2e19ccbf3bc6

  • SHA1

    fe6ca836dee39d60d9c0e7f560be489f829cd65d

  • SHA256

    7f5129a9119cda6b473e2e874d4a74425cf1baff300a471a679128df7897b8d0

  • SHA512

    ea1130f87a2cb90c4928513dfb0ce101d9eae13b6d4e0c9066aa44e9de8bf5c21c3c0cb1692815e43f112389cff180f69109d8fd84e6349c63a2fa7d2e5f1868

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2
