General

  • Target

    57352cc6ef52e053911617e939335478e61be4a77e3357476b005def88cae8c3

  • Size

    1.3MB

  • Sample

    221102-nctnlacbbr

  • MD5

    368a2d3b3569d01141093c2628ba6e31

  • SHA1

    7c046456614f1d8434058fcd68a26453e62d63c2

  • SHA256

    57352cc6ef52e053911617e939335478e61be4a77e3357476b005def88cae8c3

  • SHA512

    52d40c5ceb275eae1e7aec250835b7cc00ab25e20def0a80e80690e9fa8e596819f511a6264048d1b3bc9643c17fde88d15b21bdae93c9d80f922817cb692137

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Targets

    • Target

      57352cc6ef52e053911617e939335478e61be4a77e3357476b005def88cae8c3

    Score
    10/10
    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Legitimate hosting services abused for malware hosting/C2
