General

  • Target

    NixWare Crck by cvrsxd (Пароль 123).rar

  • Size

    7.3MB

  • Sample

    230125-qlm9aahg6s

  • MD5

    397208bb074894ccafc7363f8c252235

  • SHA1

    2277fc333928e7d06d9e08f4c351138c695dc2b8

  • SHA256

    be7dd6132932358d0d3f9f8ec8e6873b33209c1472693794432b436d3054b57d

  • SHA512

    dbb1a7d41b1dd6aabe17391222dcc9fb7d7e770d1e2d6004464cb5d20a59c0ad244b6bbaa9730ab405e609548b7abe9694f355e630cb63a31a1992cea339e3a4

  • SSDEEP

    196608:cNAlRBV3UusXua+zDLiLfRU/zqdD9BS4QaywniTTK:Y4Rsea+eLe/WDHS7winK

Malware Config

Targets

    • Target

      NixWare Crck by cvrsxd.exe

    • Size

      7.7MB

    • MD5

      7f15f641a57e45f8df8699d0252c21a8

    • SHA1

      9c43544e6ce38515308e8c332739db4c1e20a1b0

    • SHA256

      35eb19ea69a24e05c25dc6b2adab9251b8fe30e91e8217e271bda0acf750590c

    • SHA512

      3c1d78c6df1bc684dc54690a3ce4bc672b7e9c2ac944b04cef9a6613ee4de8cb28f9e8cdd75b22e99d5261e7d01caad0c11e8de73d2e338c994d8969e50277a9

    • SSDEEP

      196608:q9P9NAfoqdQmRrdA6lsuErSEEJwdF6OrtYPXk0X:+P96f9dQOls+9JOrt8X

    • Score

      10/10

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, that can load additional plugins.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 3

  • System Information Discovery (T1082): 4

  • Peripheral Device Discovery (T1120): 1

Tasks