Overview

overview

10

Static

static

c5598feb9a...76.exe

windows7-x64

10

c5598feb9a...76.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c5598feb9aa8270fde3defea2a203a76.exe

  • Size

    1.0MB

  • Sample

    230110-hcxglaae6s

  • MD5

    c5598feb9aa8270fde3defea2a203a76

  • SHA1

    379fbd3105c65b562b4c5d94a6a61db4c9755a78

  • SHA256

    dfc9ecd681ac21c94bae46bb1f511b2b1c3897296abf84cc1b33d6ccbee86fae

  • SHA512

    f0f9bfdc676289b0d387ed07f5439d8008e7df2985020e555f89b6fcc242fa48d81985dbe37470f2d623da4c603e89832d38b022ea6815102069a37df1dd3ea0

  • SSDEEP

    12288:w4qd6aRELyuaoLM3zwO59ds8ymea8e6IVFAIMVGJYIdCkXNksClcamrAqZaKgv:w4qdwLy4AB8lSWoGzs1rih

Score
10/10
dcratinfostealerrat

Malware Config

Targets

    • Target

      c5598feb9aa8270fde3defea2a203a76.exe

    • Size

      1.0MB

    • MD5

      c5598feb9aa8270fde3defea2a203a76

    • SHA1

      379fbd3105c65b562b4c5d94a6a61db4c9755a78

    • SHA256

      dfc9ecd681ac21c94bae46bb1f511b2b1c3897296abf84cc1b33d6ccbee86fae

    • SHA512

      f0f9bfdc676289b0d387ed07f5439d8008e7df2985020e555f89b6fcc242fa48d81985dbe37470f2d623da4c603e89832d38b022ea6815102069a37df1dd3ea0

    • SSDEEP

      12288:w4qd6aRELyuaoLM3zwO59ds8ymea8e6IVFAIMVGJYIdCkXNksClcamrAqZaKgv:w4qdwLy4AB8lSWoGzs1rih

    Score
    10/10
    dcratinfostealerrat

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

      ratinfostealerdcrat

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

      rat

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks