dcrat | 48477731c540605dad84300f6f93ad90531d87ada89cad74f064b36bcd89828e | Triage

Submit
Reports

Overview

overview

Static

static

64c8961580...4a.exe

windows7-x64

64c8961580...4a.exe

windows10-2004-x64

Sharing

General

Target

64c8961580c51d91243226dac1d4b95a4bc9a47f580acadfaa291c3ae1b7e14a
Size

213KB
Sample

221229-3rallahg4s
MD5

88ffdecb0ac10bb4d781e5ca059ef0eb
SHA1

37799f59086508a5d69dddc4173276bd37ac607f
SHA256

48477731c540605dad84300f6f93ad90531d87ada89cad74f064b36bcd89828e
SHA512

6be29bd110f5a8c67a1c78dc2378c08fbe128035fab530eca488b818492d7d8eb4cf7eaedfb41327f401f0a8a37bbe327bc8da67b9c6eaaed568888c7ab381e6
SSDEEP

6144:ED2yZIhyrwOJwnqzL7LWw1u2HryovVvq60ZjgTI:ED1IEFRv7KSHVdwZ0E

Score

10^/10

dcrat redline smokeloader installs backdoor infostealer rat spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

64c8961580c51d91243226dac1d4b95a4bc9a47f580acadfaa291c3ae1b7e14a.exe

Resource

win7-20220812-en

smokeloader backdoor trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

64c8961580c51d91243226dac1d4b95a4bc9a47f580acadfaa291c3ae1b7e14a.exe

Resource

win10v2004-20220812-en

dcrat redline smokeloader installs backdoor infostealer rat spyware trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

installs

C2

77.73.134.57:20368

Attributes

auth_value
018d84fd84774560e4827f12acc7d4af

Targets

- Target
  
  64c8961580c51d91243226dac1d4b95a4bc9a47f580acadfaa291c3ae1b7e14a
- Size
  
  327KB
- MD5
  
  ffdcce59d85399b04eaf9eae45a4ef00
- SHA1
  
  6da8310b3fb1205e41b66010f30b72336759b5ab
- SHA256
  
  64c8961580c51d91243226dac1d4b95a4bc9a47f580acadfaa291c3ae1b7e14a
- SHA512
  
  2f6f76aa01bb072d66a59a6edec8543b7b0e9fab8a9e91273d103383f942c8111e4b9e65e16763810017de5c4a5b4b89aaf7cb0fb000081d3affed3929d3ff3b
- SSDEEP
  
  6144:hkU4szLY+MQHUhtorwOJwL82XYosWYf67k13bwZ4Vxq:V9zs+MQ0sFV2XxsWYy7
Score

10^/10

smokeloader backdoor trojan dcrat redline installs infostealer rat spyware
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- Detects Smokeloader packer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Downloads MZ/PE file
- Executes dropped EXE
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

dcratredlinesmokeloaderinstallsbackdoorinfostealerratspywaretrojan

© 2018-2024

Terms | Privacy