Overview

overview

10

Static

static

10

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    172af321418b938a65a8c592382b9b07bcee1c3dba9ad5e9df8cb8cde42e0c0b

  • Size

    1.3MB

  • Sample

    230202-sy6x9scf55

  • MD5

    a1ac1dc15ceb3a08b02c2e6ac427b8d3

  • SHA1

    bd97144e3ccedfeb60050687be5870583b96764d

  • SHA256

    172af321418b938a65a8c592382b9b07bcee1c3dba9ad5e9df8cb8cde42e0c0b

  • SHA512

    60a5d15b05b76840c0c5f8d71896135305b81d06ac605690b81e90269bf715d22339825ac6f7bfc7bfcbc8cd34de2155006272c762e113702b479184d30b1627

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10
dcratinfostealerrat

Malware Config

Targets

    • Target

      172af321418b938a65a8c592382b9b07bcee1c3dba9ad5e9df8cb8cde42e0c0b

    • Size

      1.3MB

    • MD5

      a1ac1dc15ceb3a08b02c2e6ac427b8d3

    • SHA1

      bd97144e3ccedfeb60050687be5870583b96764d

    • SHA256

      172af321418b938a65a8c592382b9b07bcee1c3dba9ad5e9df8cb8cde42e0c0b

    • SHA512

      60a5d15b05b76840c0c5f8d71896135305b81d06ac605690b81e90269bf715d22339825ac6f7bfc7bfcbc8cd34de2155006272c762e113702b479184d30b1627

    • SSDEEP

      24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

    Score
    10/10
    dcratinfostealerrat

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

      ratinfostealerdcrat

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks