General

  • Target

    06364099.bin

  • Size

    947KB

  • Sample

    230611-kf7g3she3w

  • MD5

    3bd0f902285c90f9755cdc25dbb8e2cd

  • SHA1

    c846379891cd4bfe98937b6f444dd21b00280d7a

  • SHA256

    d901f6a4277040be44303bef1547d0c754833b7b790fa05384ea2888fffb7185

  • SHA512

    06b046bdce7651284221572db40e6600bcf8888e585c5091ffa7164b77132e52dce17049b793cc863707f8b2b10a4f45b70a0b11ba4acf186a700d2517ce21a6

  • SSDEEP

    24576:p2EZzLXIb75kvnSCjRUrqK0tXPQjLs97YykHOTHb6fHrOT:pVLYb+/SuRU7sXPQjZuLb6fLOT

Score
10/10

Targets

    • Target

      71becff3e0037cf61458f416ee026d4c6db0a25ffb2d42b6a0eecad381825cb8.exe

    • Size

      3.4MB

    • MD5

      8136421aa9596cb02a6c30a99b376db5

    • SHA1

      a4866f30925441944eb06e9540fd8740a7302b84

    • SHA256

      71becff3e0037cf61458f416ee026d4c6db0a25ffb2d42b6a0eecad381825cb8

    • SHA512

      a6b2fcb864ecc6b10a2a08373d12d8f59f16e9ca22b1b014c2326807a1bb90ab84e1a0b9afd637a408c179f9025eee28f017e35bf6543fb59e06a12c9860bf8c

    • SSDEEP

      24576:0BgrBN6i/BEuM75fCJaBSDVdMYHl6I4H8ykD3A:yIWqgBSDAYHl4cykD3A

    Score
    10/10
    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
