General

  • Target

    8a2b2f89915796ce702992c81bf403e73b62016319fc5114c660fcb0eeceb1f9

  • Size

    1.3MB

  • Sample

    221102-z39naaedbr

  • MD5

    fd0e4895fa61e0b83902bbd473b64627

  • SHA1

    49f8e81d636c6f877dbff0ed4a50332cf6758945

  • SHA256

    8a2b2f89915796ce702992c81bf403e73b62016319fc5114c660fcb0eeceb1f9

  • SHA512

    f092ffaa0f57c62816ffbf2d624edffae08f3d400fd5ec2b4040e73c2471aed494d6b8995f69e408dd4bf2e6b7705da06c8b923dfdce472a5e7e501dfbee266c

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Targets

    Score
    10/10
    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2
