General

  • Target

    e3f55b55d09fad17c50fe30193682017d1df2a584d20d27f41d5848e479ae0cc

  • Size

    1.3MB

  • Sample

    230202-zbmpfaaf3y

  • MD5

    def10e0c456c24cbb2bd889263ae3ab3

  • SHA1

    9ba00b2d5069385c9b2184d2474385bc21008847

  • SHA256

    e3f55b55d09fad17c50fe30193682017d1df2a584d20d27f41d5848e479ae0cc

  • SHA512

    fad8a1cab01a2e5789c9f4bfda814a820146776d7370f2cab9f024b5d542ca691b90e42d94bdfd34c583604db0b0a8f8c7cc140deec40eb038cbd4be7371054a

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Malware Config

Targets

    • DcRat

      DarkCrystal (DCRat) is a .NET RAT, active since June 2019, that is capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks