General

  • Target

    IY8XD9Em5aR57Lxnxdzxehs8.exe

  • Size

    1.2MB

  • Sample

    230130-cmvg4adf23

  • MD5

    32c8eec5e81fede3724b82fd282f1cff

  • SHA1

    539dbe8acf63ceb62b5af8b567f4eb7c70beec1d

  • SHA256

    195b2055f09486e3708bc421dc84316e8bfc1f1c85e223a04f1fe046e15ba197

  • SHA512

    6eb87b91990f7a3e7e4bdd6883f98ee1ebc25509dae84c358fb72a5420bdc0dff1343192e07617981b823517dd79b41abde3a9a3c5e7a8a1bcaf1630651e4718

  • SSDEEP

    12288:RpxNE5GIgNQAnBHRLyd51fRpOfpUi1i/jIEtk7VqMIE4/A7CrVuqTMMP1QYyXR3a:RpxNJFpHR+7OCGdpaEeueCYSnnty

Score
10/10
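As an added example (not part of the sandbox report or its tooling), the following Python script checks files on disk against the hash indicators listed in the General section above. The four digest values are copied verbatim from this report; the function names and the constructed sample bytes used in the self-check are illustrative and are not the real malware. The SSDEEP fuzzy hash is not checked because Python's standard library has no ssdeep implementation.

```python
"""Match files on disk against the hash IOCs from this sandbox report.

Added example, not part of the original report. It walks a directory, streams
every regular file through hashlib (MD5, SHA-1, SHA-256, SHA-512) and reports
files whose digests match the indicator set. All four algorithms are compared
so that a truncated or mistyped indicator on one of them does not hide a hit.
"""
import hashlib
import os
import tempfile
from pathlib import Path

# Indicator values copied from the report's "General" section (sample 230130-cmvg4adf23).
REPORT_IOCS = {
    "md5": "32c8eec5e81fede3724b82fd282f1cff",
    "sha1": "539dbe8acf63ceb62b5af8b567f4eb7c70beec1d",
    "sha256": "195b2055f09486e3708bc421dc84316e8bfc1f1c85e223a04f1fe046e15ba197",
    "sha512": "6eb87b91990f7a3e7e4bdd6883f98ee1ebc25509dae84c358fb72a5420bdc0dff"
              "1343192e07617981b823517dd79b41abde3a9a3c5e7a8a1bcaf1630651e4718",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_bytes(data):
    """Return {algorithm: hexdigest} for an in-memory byte string."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def digest_file(path, chunk_size=1 << 20):
    """Return {algorithm: hexdigest} for a file, reading it in 1 MiB chunks."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(digests, iocs=REPORT_IOCS):
    """Return the algorithms whose digest equals the indicator (case-insensitive)."""
    return [name for name in ALGORITHMS
            if name in iocs and digests[name] == iocs[name].lower()]


def scan_directory(root, iocs=REPORT_IOCS):
    """Walk root and return {path: matched_algorithms} for every file hitting an IOC.

    Partial matches (e.g. sha256 only) are reported as well: they usually mean a
    copy error in the indicator list rather than a benign file, so they deserve a look.
    """
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            # Skip symlinks and anything that is not a regular file.
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            matched = match_iocs(digest_file(path), iocs)
            if matched:
                hits[path] = matched
    return hits


def self_check():
    """Write a constructed (harmless) sample to a temp dir and confirm it is found.

    The indicator set is derived from the constructed bytes, so this exercises the
    file-walking and matching path without needing the real binary. Returns the
    list of algorithms that matched for the constructed file.
    """
    sample = b"constructed sample bytes for the self-check, not the real payload"
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "sample.bin"
        path.write_bytes(sample)
        hits = scan_directory(tmp, iocs=digest_bytes(sample))
        return hits.get(str(path), [])


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, matched in scan_directory(root).items():
        print(f"{path}: matches report IOC on {', '.join(matched)}")
```

Run it as `python ioc_scan.py <directory>` (file name is an assumption); the script prints one line per matching file. Because the comparison is exact-hash, a repacked or rebuilt DCRat sample will not match; use the SSDEEP value with the ssdeep library, or behavioural signatures, for near-variants.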

Malware Config

Targets

    • Target

      IY8XD9Em5aR57Lxnxdzxehs8.exe

    • DcRat

      DarkCrystal RAT (DCRat) is a .NET remote access trojan, active since June 2019, that can load additional plugins to extend its functionality.

    • Process spawned unexpected child process

      The parent process started a child it does not normally spawn; this typically indicates the parent was compromised, for example via an exploit or a malicious document macro.

    • DCRat payload

      Detects the DCRat payload, which is commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique                      Hits  ID
  Execution             Scheduled Task                 1     T1053
  Persistence           Scheduled Task                 1     T1053
  Privilege Escalation  Scheduled Task                 1     T1053
  Discovery             Query Registry                 1     T1012
  Discovery             System Information Discovery   2     T1082

Tasks