General

  • Target

    2b2d4fcde79ec18965ade78318c38c4c.exe

  • Size

    3.5MB

  • Sample

    230712-xel6zafd5x

  • MD5

    2b2d4fcde79ec18965ade78318c38c4c

  • SHA1

    6117aa4ee5f83046ba23398deeeb892b1bb22bab

  • SHA256

    e297203dfba8fae21f135b84577e5ca2bab763ce31dd4870a6675ce4bf4b4438

  • SHA512

    bb3d45a350c1c8a7ad79251872d2d163249c65b3953d2031f817322972915d75c5a839599ad0a37251bee5346ab1ff3fdfde47b341255c02f0c9f51c3b0325b8

  • SSDEEP

    98304:vJGVP6249vx6nXmtxhwv1CT86mtaxOl7uss/31N3H:vUVoVxQX2xh2088xMk/lh

Malware Config

Extracted

Family

orcus

Botnet

Новый тег

C2

128.59.46.185:20954

Mutex

sudo_t5h71vhdjlc15uv100unb79v0m48rb0o

Attributes

  • autostart_method

    Disable

  • enable_keylogger

    false

  • install_path

    %appdata%\securepipeasync\lineline.exe

  • reconnect_delay

    10000

  • registry_keyname

    Sudik

  • taskscheduler_taskname

    sudik

  • watchdog_path

    AppData\aga.exe

Targets

    • Target

      2b2d4fcde79ec18965ade78318c38c4c.exe

    • Size

      3.5MB

    • MD5

      2b2d4fcde79ec18965ade78318c38c4c

    • SHA1

      6117aa4ee5f83046ba23398deeeb892b1bb22bab

    • SHA256

      e297203dfba8fae21f135b84577e5ca2bab763ce31dd4870a6675ce4bf4b4438

    • SHA512

      bb3d45a350c1c8a7ad79251872d2d163249c65b3953d2031f817322972915d75c5a839599ad0a37251bee5346ab1ff3fdfde47b341255c02f0c9f51c3b0325b8

    • SSDEEP

      98304:vJGVP6249vx6nXmtxhwv1CT86mtaxOl7uss/31N3H:vUVoVxQX2xh2088xMk/lh

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, that is capable of loading additional plugins.

    • Orcus

      Orcus is a Remote Access Trojan that is being sold on underground forums.

    • Orcus main payload

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Orcurs Rat Executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and similar data.

MITRE ATT&CK Enterprise v6

Tasks