General

  • Target

    85baea97b49a1e26950fd1afdb42e7f087d6e89c2a007359c477083ad01afae1

  • Size

    1.3MB

  • Sample

    230202-yv23ssfb95

  • MD5

    7dd9309123742a5b434a05cfc9ed808c

  • SHA1

    4931d31b2f4882669c151701d5ef4394c838d580

  • SHA256

    85baea97b49a1e26950fd1afdb42e7f087d6e89c2a007359c477083ad01afae1

  • SHA512

    aef0f563dad3446e518d9fdf8f777bb68105514d20913a3c1b8e6fb708e92b8b8e34cbc7d3c2febb34565ccc1839c353493fc8e1d124071912812feef1eba18c

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Targets

    Score
    10/10
    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2
