General

  • Target

    6490f4a648091c430e36cae757cb5cc8c78a0963746ab5e164cc4f7be7c2295d

  • Size

    2.5MB

  • Sample

    230612-3jq9daeg3t

  • MD5

    59b19c64feab46b3f0800fc5b345e526

  • SHA1

    f3257aad36339823070f67d2b45e3435a14888f6

  • SHA256

    6490f4a648091c430e36cae757cb5cc8c78a0963746ab5e164cc4f7be7c2295d

  • SHA512

    2cb114822f2627721bb9dbb644655de19683882da90e3548f669efdf8421f92051d5649b4ea952df165d4ebeed9007213583577bb008950c7a25b815593f6ccb

  • SSDEEP

    49152:UbA30Aurm+tznMLTqmfNb8WDZPmiLrgqxKX0qvTaMyfsY1l:Ubf5g/59TDZPmqr3Kh5yfsYj

Malware Config

Targets


    • DcRat

      DarkCrystal (DC) is a .NET RAT active since June 2019 that is capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • UAC bypass

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (1 hit) T1053

  • Persistence

    Scheduled Task (1 hit) T1053

  • Privilege Escalation

    Bypass User Account Control (1 hit) T1088
    Scheduled Task (1 hit) T1053

  • Defense Evasion

    Bypass User Account Control (1 hit) T1088
    Disabling Security Tools (1 hit) T1089
    Modify Registry (2 hits) T1112

  • Discovery

    Query Registry (2 hits) T1012
    System Information Discovery (3 hits) T1082

Tasks