Overview

overview

10

Static

static

10

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    00dc8170f25cec60ba3879cf8570fc25d83a571fe995f845149e02a076e8b07c

  • Size

    1.3MB

  • Sample

    221102-c6matsggb7

  • MD5

    9d8aae57dccf9a1b89b2ad6814b6104e

  • SHA1

    48df9dcefbf7b878b4e3e1ddc83782f1cd831c5b

  • SHA256

    00dc8170f25cec60ba3879cf8570fc25d83a571fe995f845149e02a076e8b07c

  • SHA512

    af6884bb0a42fa5cd0adf10bf2cd6242ade29068c44fedafdf78eb384752bd766405cc5cc47ccbee5ac9480bdf6174974b3a8f80d88c16f6942c5481a4cffe47

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10
dcratinfostealerrat

Malware Config

Targets

    • Target

      00dc8170f25cec60ba3879cf8570fc25d83a571fe995f845149e02a076e8b07c

    • Size

      1.3MB

    • MD5

      9d8aae57dccf9a1b89b2ad6814b6104e

    • SHA1

      48df9dcefbf7b878b4e3e1ddc83782f1cd831c5b

    • SHA256

      00dc8170f25cec60ba3879cf8570fc25d83a571fe995f845149e02a076e8b07c

    • SHA512

      af6884bb0a42fa5cd0adf10bf2cd6242ade29068c44fedafdf78eb384752bd766405cc5cc47ccbee5ac9480bdf6174974b3a8f80d88c16f6942c5481a4cffe47

    • SSDEEP

      24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

    Score
    10/10
    dcratinfostealerrat

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

      ratinfostealerdcrat

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

      rat

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks