Extracted

• • Target

    panel.exe

  • Size

    16.4MB

  • MD5

    1246b7d115005ce9fcc96848c5595d72

  • SHA1

    fa3777c7fe670cea2a4e8267945c3137091c64b5

  • SHA256

    f01393937f06be201400703d1dbfb35397c4a5162f16278ba9d9bb63ddcbcc78

  • SHA512

    5bf90904cf74a8c3775498578d856dd9f4837077928cd7ce24e4a6ccec00827bcfb28c2079498ba682a4f53204d7ad2bb8de2489005c429dc968e75e26d29101

  • SSDEEP

    393216:gyOsihmjY/uAKJkDk4x/aQsY3K/jRsBp:FOLhmjY/utek4x/aQsyKLuBp

  Score

  10^/10

  dcratredlinesectopratcheatinfostealerrattrojan

  • DcRat

    DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    ratinfostealerdcrat

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • DCRat payload

    Detects payload of DCRat, commonly dropped by NSIS installers.

    rat

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1