General

  • Target

    22af9f47c40e08e5d5f785a026657a60.exe

  • Size

    2.9MB

  • Sample

    230825-hadxgabc5y

  • MD5

    22af9f47c40e08e5d5f785a026657a60

  • SHA1

    e528b7cc9ca32e65d6c9293e68e36a098a83c15d

  • SHA256

    6ade40b71ee50ca95629aaa593bc8f48335ff0eee6c47c3a1dcaacbd9f1eaf42

  • SHA512

    3a1fb18954dff9c26a448a3c7d8a26d9d836b27d93bb84c41cba6067cfaac8d1fa79689b67366104c3a79ac94f3f53da9ded47861b5df0c30f064cc919b4d147

  • SSDEEP

    49152:kE/RbA3j8QfrCr9BeogEdfwV4VnaT8WrEFmaAyUXccU43WE/Q:kE/Rbl4Cr9NYCVnUEF6rhUrE/Q

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.
