General

  • Target

    1e5950919bef34119b8e1ac08b1b40ae79baec60992eed35e7711f80731a86fa

  • Size

    1.3MB

  • Sample

    230202-24y92sca5y

  • MD5

    eca69f21e0c115239ebcdef898673d07

  • SHA1

    f4593cffd8668841cc9734e66c27364d992f6db6

  • SHA256

    1e5950919bef34119b8e1ac08b1b40ae79baec60992eed35e7711f80731a86fa

  • SHA512

    3bb3d72a6f2d10be0252bf20abb93359c47433b78cb089d0a61da43b181af6ecc7bdfd3c275e19d6ea679d626537ca4739600ffbfe8ef0412b2e4c470b806578

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Targets

    • Target

      1e5950919bef34119b8e1ac08b1b40ae79baec60992eed35e7711f80731a86fa

    Score
    10/10
    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2
