General

  • Target

    6046a5a5b3e990b215b5c896779ca7c85c639152ec99f7e8733b0a3d272c97a1

  • Size

    1.3MB

  • Sample

    221102-jrlt3sace2

  • MD5

    d28305140115c766710586938d79f897

  • SHA1

    f06a0bf7a0f85f4cdda1237795a36cd371d7b53b

  • SHA256

    6046a5a5b3e990b215b5c896779ca7c85c639152ec99f7e8733b0a3d272c97a1

  • SHA512

    e015501b593adba980c3bc99535ac31610ebf43ba0a0c929291d39f3f8b6b849b5b12904b767a3ae2bbbb4d48dd968e921444f18478cfdb77c52d0a761eb6c10

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Malware Config

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, that is capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects the DCRat payload, which is commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks