Overview

overview

10

Static

static

1

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    897KB

  • Sample

    230612-rk4qbada6t

  • MD5

    3a68a2cbeb827588f3749568b121a79b

  • SHA1

    a40fc3b0c547826353088baf247b379f1e10f25d

  • SHA256

    2ab209c8b13fc820c0f2cd15de422053e94e2ca02b939ff97eeb2abceb5bb810

  • SHA512

    7ab8bb1605cfed214d05c6dac5dc05df0b66c90e7abe67629e8c879483d5f2784edae832f48acfc92c968a3da1f13e76e5db699890ed85b0c00bb551e0e70b7d

  • SSDEEP

    12288:x7Gmaojeh4hLyhLk9el5ih7XrIqEMbs0qFvPrVc8Ml1T5J4rNl99uF04r4hZZ1v6:MTMYP2tP4CKdKh

Score
10/10
dcratinfostealerrat

Malware Config

Targets

    • Target

      file.exe

    • Size

      897KB

    • MD5

      3a68a2cbeb827588f3749568b121a79b

    • SHA1

      a40fc3b0c547826353088baf247b379f1e10f25d

    • SHA256

      2ab209c8b13fc820c0f2cd15de422053e94e2ca02b939ff97eeb2abceb5bb810

    • SHA512

      7ab8bb1605cfed214d05c6dac5dc05df0b66c90e7abe67629e8c879483d5f2784edae832f48acfc92c968a3da1f13e76e5db699890ed85b0c00bb551e0e70b7d

    • SSDEEP

      12288:x7Gmaojeh4hLyhLk9el5ih7XrIqEMbs0qFvPrVc8Ml1T5J4rNl99uF04r4hZZ1v6:MTMYP2tP4CKdKh

    Score
    10/10
    dcratinfostealerrat

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

      ratinfostealerdcrat

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

      rat

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

3
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks