General

  • Target

    466bec4d48e9c2facfb27f37270f66df75879a2f55246dac8645422264ad4385

  • Size

    1.3MB

  • Sample

    221103-qnfl8achcn

  • MD5

    dce894ac17e35fe47b78597bc43fdc34

  • SHA1

    52906c097835e33d459a493aa0c2c4997ba15838

  • SHA256

    466bec4d48e9c2facfb27f37270f66df75879a2f55246dac8645422264ad4385

  • SHA512

    82d38f768c26d538bb3a5e17b376cc32b36d9ea797af8acf448c7e3e3e8cce8e3987762054cd7ead0240d090ffaf5ab247d4ef19f107c088e6e098482f12c83b

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Targets

    • Target

      466bec4d48e9c2facfb27f37270f66df75879a2f55246dac8645422264ad4385

    • DcRat

      DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2
