Overview

overview

10

Static

static

10

CrypterLocalMin.exe

windows7-x64

10

CrypterLocalMin.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    CrypterLocalMin.exe

  • Size

    627KB

  • Sample

    230121-xkrzeafc2s

  • MD5

    fc938e39c9d9e09ef95d04b7529ff7cf

  • SHA1

    c726cefba588cea3135ba7bb47228676d68ce51a

  • SHA256

    c01b4811306e46eb5b8bd85e25a5d6c9fdf508983855278e2ad905bcbd4a052d

  • SHA512

    0afe99956bc923ccfef67e7e9a854a0f601fc53cfdcbd29964ee2d6f21e33a88f0fa43fbac13c24b25abc433abccb8e54ddab73a460596fb165190f5550915db

  • SSDEEP

    12288:aRZ+IoG/n9IQxW3OBsee2X+t4RbdnNE5XM/j7DFJvAmLRFQ5S/RW:U2G/nvxW3Ww0tdnNKMnffLRuiY

Score
10/10
dcratinfostealerrat

Malware Config

Targets

    • Target

      CrypterLocalMin.exe

    • Size

      627KB

    • MD5

      fc938e39c9d9e09ef95d04b7529ff7cf

    • SHA1

      c726cefba588cea3135ba7bb47228676d68ce51a

    • SHA256

      c01b4811306e46eb5b8bd85e25a5d6c9fdf508983855278e2ad905bcbd4a052d

    • SHA512

      0afe99956bc923ccfef67e7e9a854a0f601fc53cfdcbd29964ee2d6f21e33a88f0fa43fbac13c24b25abc433abccb8e54ddab73a460596fb165190f5550915db

    • SSDEEP

      12288:aRZ+IoG/n9IQxW3OBsee2X+t4RbdnNE5XM/j7DFJvAmLRFQ5S/RW:U2G/nvxW3Ww0tdnNKMnffLRuiY

    Score
    10/10
    dcratinfostealerrat

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

      ratinfostealerdcrat

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

      rat

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks