Overview

overview

10

Static

static

10

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    85e6a921f859702996dd221dab906b2441d6ecb263d402b113ef786efa7d2c79

  • Size

    1.3MB

  • Sample

    230202-nxdswaga56

  • MD5

    c32e3208096e936d47197c7d06dbef66

  • SHA1

    241bd81863c03a43114bdcf5bc45ea4ff888b0be

  • SHA256

    85e6a921f859702996dd221dab906b2441d6ecb263d402b113ef786efa7d2c79

  • SHA512

    7494f14ed79c556914897c280522fd5dfa97ade8c8c7aeb048ddbb63a78261006224f01bddab6bb42f7745525d9ae936a13be5c168f354df78a617eeda00b541

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10
dcratinfostealerrat

Malware Config

Targets

    • Target

      85e6a921f859702996dd221dab906b2441d6ecb263d402b113ef786efa7d2c79

    • Size

      1.3MB

    • MD5

      c32e3208096e936d47197c7d06dbef66

    • SHA1

      241bd81863c03a43114bdcf5bc45ea4ff888b0be

    • SHA256

      85e6a921f859702996dd221dab906b2441d6ecb263d402b113ef786efa7d2c79

    • SHA512

      7494f14ed79c556914897c280522fd5dfa97ade8c8c7aeb048ddbb63a78261006224f01bddab6bb42f7745525d9ae936a13be5c168f354df78a617eeda00b541

    • SSDEEP

      24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

    Score
    10/10
    dcratinfostealerrat

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

      ratinfostealerdcrat

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

      rat

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks