Overview

overview

10

Static

static

1

8d41d5131f...95.exe

windows7-x64

10

8d41d5131f...95.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8479146467.zip

  • Size

    1.1MB

  • Sample

    221124-jm8haahg23

  • MD5

    99be1880a1752def4737f769a7af465c

  • SHA1

    4691fd15227528836d936631ae1b392aeba217df

  • SHA256

    05a3a5b64599cc2660968b37868008bb805780f0bfae9b6147879a6461d9a3fd

  • SHA512

    941fa04ef8bf74b87e1a8442c661ed238811f1592b389b7101a4aecc7a46e433a71d3114acecae7b223dff989806b63621512d92e789a9cc2b92ad5343a07678

  • SSDEEP

    24576:DLviPt3GrTV9RAVN20jHxV8DSddmvSyJ+aLGLw8+qwAZ:DLyhGrTV3A722V8DGySkLGLwrRAZ

Score
10/10
dcratinfostealerpersistencerat

Malware Config

Targets

    • Target

      8d41d5131fac719cc11823fb57bef9ef1ea063dbb8f52b235a3948bece039d95

    • Size

      1.1MB

    • MD5

      b478d340a787b85e086cc951d0696cb1

    • SHA1

      563d9f1b35b4898d16aff1dccd8969299f7ab8b7

    • SHA256

      8d41d5131fac719cc11823fb57bef9ef1ea063dbb8f52b235a3948bece039d95

    • SHA512

      93c5a3010ae7bf41ad966902aeaa32e17faa0bad3e76248e2096478af5bf169f817c6914a775efc666967a425716609099be8bf69e2900613a65791e4fcd3e09

    • SSDEEP

      24576:npe9a9aC/qF5EZNo9DzDn07bPVICwUmmHcexxnn:pwa9a9F54qH075kUmmHxx1n

    Score
    10/10
    dcratinfostealerpersistencerat

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

      ratinfostealerdcrat

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks