General

  • Target

    0cfb3be6c52ddce05ab1192cbedce6bf.exe

  • Size

    2.3MB

  • Sample

    230831-v6kq4sgf2t

  • MD5

    0cfb3be6c52ddce05ab1192cbedce6bf

  • SHA1

    49cb372a360bc1b211ce89fcb9abda131858974c

  • SHA256

    5b5a234c61786cd4fbd79d451faeab7a784a63d0f7ca178d872e07ac26e8707b

  • SHA512

    26c7ca65580be8c89ab842f07711d1586706643644b5f43e88ea2ca0ae865126708d2e9859e87e5e2d094edfb7e426e3d70f18aba2a4e9d98cb7a9a41fc30ea9

  • SSDEEP

    49152:TNdtFpG3kioLsY/emNF3RFLyVHVKwv1a:TNx+GsIBF2NMwv

Score
10/10

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE
