Overview

overview

10

Static

static

10

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8b9f5dcce034677dc4c74da7ec66b3ffd8a6b9ea4dbe6aaedb42ef70733863d5

  • Size

    1.3MB

  • Sample

    230202-tzze9aaa93

  • MD5

    cc42bb9a9c27896af4d42e511fa1ec5c

  • SHA1

    87cf27d81c1f78062f7dc8c3771f6b8b3516917b

  • SHA256

    8b9f5dcce034677dc4c74da7ec66b3ffd8a6b9ea4dbe6aaedb42ef70733863d5

  • SHA512

    6ec45cc2dafc9acb103c85589a7353ef918e57f1ec9594e8b6041e9c792c4e2168d95c385bdff84d8311a0f48a3dc540632e16abae203a1f4e6dcee781ddfb2a

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10
dcratinfostealerrat

Malware Config

Targets

    • Target

      8b9f5dcce034677dc4c74da7ec66b3ffd8a6b9ea4dbe6aaedb42ef70733863d5

    • Size

      1.3MB

    • MD5

      cc42bb9a9c27896af4d42e511fa1ec5c

    • SHA1

      87cf27d81c1f78062f7dc8c3771f6b8b3516917b

    • SHA256

      8b9f5dcce034677dc4c74da7ec66b3ffd8a6b9ea4dbe6aaedb42ef70733863d5

    • SHA512

      6ec45cc2dafc9acb103c85589a7353ef918e57f1ec9594e8b6041e9c792c4e2168d95c385bdff84d8311a0f48a3dc540632e16abae203a1f4e6dcee781ddfb2a

    • SSDEEP

      24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

    Score
    10/10
    dcratinfostealerrat

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

      ratinfostealerdcrat

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks