Overview

overview

10

Static

static

HEUR-Troja...be.exe

windows7-x64

10

HEUR-Troja...be.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    HEUR-Trojan-Spy.Win32.Stealer.gen-936b51db1be.exe

  • Size

    1.2MB

  • Sample

    230201-vfnp3scg2t

  • MD5

    65d590e07198d25d05b41c557b231fc7

  • SHA1

    3848eb0f0db7d00b78593aa29bd4b9e4f0b4e022

  • SHA256

    936b51db1be856b313fa5cdf194410989adeb2348988c47bf59790a0f3474afc

  • SHA512

    c4f4a8c28871aa6101b8d73361e39e9882d3806b74f22fa014b6f9dbebbfa8d94e6458a1425ad077683a70ab59fa80cf955777cd348192014cbf39711c6fb964

  • SSDEEP

    12288:DVj+qgXEJ2RATf1rBH28VUuY9cd1296Uw3U8Db1QxT2pHGTOwpkgol6lJkh/3/nn:Zj+ErfdBH28VUx9zQpBAKp7g7s/3

Score
10/10
dcratinfostealerrat

Malware Config

Targets

    • Target

      HEUR-Trojan-Spy.Win32.Stealer.gen-936b51db1be.exe

    • Size

      1.2MB

    • MD5

      65d590e07198d25d05b41c557b231fc7

    • SHA1

      3848eb0f0db7d00b78593aa29bd4b9e4f0b4e022

    • SHA256

      936b51db1be856b313fa5cdf194410989adeb2348988c47bf59790a0f3474afc

    • SHA512

      c4f4a8c28871aa6101b8d73361e39e9882d3806b74f22fa014b6f9dbebbfa8d94e6458a1425ad077683a70ab59fa80cf955777cd348192014cbf39711c6fb964

    • SSDEEP

      12288:DVj+qgXEJ2RATf1rBH28VUuY9cd1296Uw3U8Db1QxT2pHGTOwpkgol6lJkh/3/nn:Zj+ErfdBH28VUx9zQpBAKp7g7s/3

    Score
    10/10
    dcratinfostealerrat

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

      ratinfostealerdcrat

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

      rat

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks