Overview

overview

10

Static

static

10

c0bea0a118...0a.exe

windows7-x64

10

c0bea0a118...0a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c0bea0a11853ecbdd169b0d0a.exe

  • Size

    1.2MB

  • Sample

    230704-q3engade92

  • MD5

    f20c74f02de55472d8b565868a19f4f5

  • SHA1

    7be531a0a8ca1e686e6f7ff70fc3c2de963684fe

  • SHA256

    c0bea0a11853ecbdd169b0d0ac30f0afcba308555752a0ead4de45895ec69ed2

  • SHA512

    bd0664c6bb354ea240f942f8911daf494e62f97af6253ae77768b8d206e4c3245af655da94af410816917c1f7293123bc4dafa1ec8cc57fc1b5506fe5b3bebef

  • SSDEEP

    24576:U2G/nvxW3Ww0t1Qo4QruJTrTn5mC8IasJ8lkf6LgH:UbA301n47rzrJfkY

Score
10/10
dcratinfostealerrat

Malware Config

Targets

    • Target

      c0bea0a11853ecbdd169b0d0a.exe

    • Size

      1.2MB

    • MD5

      f20c74f02de55472d8b565868a19f4f5

    • SHA1

      7be531a0a8ca1e686e6f7ff70fc3c2de963684fe

    • SHA256

      c0bea0a11853ecbdd169b0d0ac30f0afcba308555752a0ead4de45895ec69ed2

    • SHA512

      bd0664c6bb354ea240f942f8911daf494e62f97af6253ae77768b8d206e4c3245af655da94af410816917c1f7293123bc4dafa1ec8cc57fc1b5506fe5b3bebef

    • SSDEEP

      24576:U2G/nvxW3Ww0t1Qo4QruJTrTn5mC8IasJ8lkf6LgH:UbA301n47rzrJfkY

    Score
    10/10
    dcratinfostealerrat

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

      ratinfostealerdcrat

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks