Overview

overview

10

Static

static

3

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    3.6MB

  • Sample

    230526-3kz8nshe99

  • MD5

    58057d76d2404da3d52d975004a59be8

  • SHA1

    9066c61f5ac3c452836e48d6852950ff480d4904

  • SHA256

    1adae771c3a7056ccc55bb3805a43d8560b8117007403021d9a0799178a38d32

  • SHA512

    1740c1d59e909ecf4ab42e7510943ca5b47cf35ab6f1d5f91a17a53ba1e9fd50749f9142bb4d9ca651064df3bcd0894e0d4725950df3d8a333d0373872f90faf

  • SSDEEP

    98304:Jm5nQObELIj/j1Kb4E3+F7iBaUf8Lt/wZDMcFdD5cuJP3:Jm9QDL2/UL+xdLOZhD5c6P3

Score
10/10
dcratevasioninfostealerrattrojan

Malware Config

Targets

    • Target

      file.exe

    • Size

      3.6MB

    • MD5

      58057d76d2404da3d52d975004a59be8

    • SHA1

      9066c61f5ac3c452836e48d6852950ff480d4904

    • SHA256

      1adae771c3a7056ccc55bb3805a43d8560b8117007403021d9a0799178a38d32

    • SHA512

      1740c1d59e909ecf4ab42e7510943ca5b47cf35ab6f1d5f91a17a53ba1e9fd50749f9142bb4d9ca651064df3bcd0894e0d4725950df3d8a333d0373872f90faf

    • SSDEEP

      98304:Jm5nQObELIj/j1Kb4E3+F7iBaUf8Lt/wZDMcFdD5cuJP3:Jm9QDL2/UL+xdLOZhD5c6P3

    Score
    10/10
    dcratevasioninfostealerrattrojan

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

      ratinfostealerdcrat

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • UAC bypass

      evasiontrojan

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Hidden Files and Directories

1
T1158

Privilege Escalation

Bypass User Account Control

1
T1088

Scheduled Task

1
T1053

Defense Evasion

Bypass User Account Control

1
T1088

Disabling Security Tools

1
T1089

Modify Registry

2
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks