Overview

overview

10

Static

static

10

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    93bc6b58254e0280350adfe7bb96be61e992eed498ff4ea212cf69485db19cdd

  • Size

    1.3MB

  • Sample

    230202-ynb8ssac4y

  • MD5

    9a821c9cc3f9a370f8ca1c71ce6c0163

  • SHA1

    d7d235f52a644460a1704d8b37f478f35f87a52f

  • SHA256

    93bc6b58254e0280350adfe7bb96be61e992eed498ff4ea212cf69485db19cdd

  • SHA512

    43a049d964117c478ee63a29c7d35cb11f7e06d94b14f684629914a123af86b155aa7e61fa9423d4ec7f69c3026f0569143ad3ef052c7acaa73c2efea4c3abe0

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10
dcratinfostealerrat

Malware Config

Targets

    • Target

      93bc6b58254e0280350adfe7bb96be61e992eed498ff4ea212cf69485db19cdd

    • Size

      1.3MB

    • MD5

      9a821c9cc3f9a370f8ca1c71ce6c0163

    • SHA1

      d7d235f52a644460a1704d8b37f478f35f87a52f

    • SHA256

      93bc6b58254e0280350adfe7bb96be61e992eed498ff4ea212cf69485db19cdd

    • SHA512

      43a049d964117c478ee63a29c7d35cb11f7e06d94b14f684629914a123af86b155aa7e61fa9423d4ec7f69c3026f0569143ad3ef052c7acaa73c2efea4c3abe0

    • SSDEEP

      24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

    Score
    10/10
    dcratinfostealerrat

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

      ratinfostealerdcrat

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

      rat

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks