General

  • Target

    239ac412c988bd7a5256588042ea1d94ad417558102a0e5fc14f81035bae591a

  • Size

    1.3MB

  • Sample

    230202-17c1jsgd67

  • MD5

    74a3602fa37c13016a6e8ad9bb98903a

  • SHA1

    766d97b0c9b24f227bb3038e6f1a1d3ef1d0459e

  • SHA256

    239ac412c988bd7a5256588042ea1d94ad417558102a0e5fc14f81035bae591a

  • SHA512

    18d1ed4d2349e65506ee0582a2e7ccbd1eb7e63ed1392141d0dc8ddbecb7c319b3f9cddb2268a606d9819f8aaa5b4a460a4aa36413f380f5ed417e8f91902ac1

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2
