General

  • Target

    b313d25c0fed1c6069e6a72e73a5751f.exe

  • Size

    1.2MB

  • Sample

    230126-2fcq5sha6t

  • MD5

    b313d25c0fed1c6069e6a72e73a5751f

  • SHA1

    1717db41053d68f4b6cb0619eaee7d7617a6ebc9

  • SHA256

    01e2946bab81b880ec494a1692a791ced92624246e6aed7a15c725851ede71dd

  • SHA512

    6807bc163b386f0398a7195f83f7b0619d912724582780ace94d0cd115c2f192a90536f9950cf61c9f18d7df0da58ea9116a22544ff9f3a5489e6c2398d975d3

  • SSDEEP

    24576:1oz7PdSo8OhfvG83PxEXY5TZ95f+bYy4HKTtadCK2yseqa+B:1odSo80/GXC9+bl4ewpEe+

Score
10/10

Targets

    • DcRat

      DarkCrystal (DC) is a .NET RAT active since June 2019 that is capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (T1053): 1

  • Persistence

    Scheduled Task (T1053): 1

  • Privilege Escalation

    Scheduled Task (T1053): 1

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 2