General

  • Target

    c4040c9572e25b68248895c75.bin

  • Size

    1.2MB

  • Sample

    230704-q35vnadf23

  • MD5

    49a744c4fab659d05f2728c120e852ac

  • SHA1

    766451c647593c5785ca77bfc9aa476ffd6c3b31

  • SHA256

    67023e5eea41ad1c9c1309c6184a031934774c6434715e5def0bd6267d501bbe

  • SHA512

    2d39f205ba6a821fa8ccb0cb71d0816997a59a8305936ee99ba7cf99abb7dfc005c59b3b566f299a22a9e13c1f054e2910d465a705b8103199296c73b1e4f99c

  • SSDEEP

    24576:mPcYTGV4d65eSuYxvY+zB7RwEL/AJVGb0v5MKc8PC3OMxz1yPy8S2xCZF0O+oIz/:mzTVE5eatdzB7XL/A3zvcoC7jF83u+v

Score
10/10

Targets

    • Target

      2daebd8dfaff129627b1e4b6f8dc3df6ffa6e48035fa2806bfad550d8980fdad.exe

    • Size

      2.0MB

    • MD5

      c4040c9572e25b68248895c75eeba061

    • SHA1

      1248507d3ce31ecc51ca82857170919e2ea9fe32

    • SHA256

      2daebd8dfaff129627b1e4b6f8dc3df6ffa6e48035fa2806bfad550d8980fdad

    • SHA512

      bb76b3ceaa77014c57be7bc576194a7dc29bb6ad374b69b2e8a96b6deb39f181a3a11ce0eb288936d09ecbb68844cbfc77948c48851b39dd2e1fbca3814d42b0

    • SSDEEP

      24576:lBhv99f9Gs8aOCbzcjWzJC82lwjapmnLwN2Z66Tk862t9mpR:NzfcfgcjWzJmlw+mLwa66Tk86TR

    • Score

      10/10

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
