General

  • Target

    71becff3e0037cf61458f416ee026d4c6db0a25ffb2d42b6a0eecad381825cb8.exe

  • Size

    3.4MB

  • Sample

    230609-m19jaacg4s

  • MD5

    8136421aa9596cb02a6c30a99b376db5

  • SHA1

    a4866f30925441944eb06e9540fd8740a7302b84

  • SHA256

    71becff3e0037cf61458f416ee026d4c6db0a25ffb2d42b6a0eecad381825cb8

  • SHA512

    a6b2fcb864ecc6b10a2a08373d12d8f59f16e9ca22b1b014c2326807a1bb90ab84e1a0b9afd637a408c179f9025eee28f017e35bf6543fb59e06a12c9860bf8c

  • SSDEEP

    24576:0BgrBN6i/BEuM75fCJaBSDVdMYHl6I4H8ykD3A:yIWqgBSDAYHl4cykD3A

Score
10/10

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
