Extracted

Extracted

• • Target

    http://77.91.68.78/lend

  Score

  10^/10

  dcrateternityredlinesectopratlegendaryinstalls_20230918clipperinfostealerrattrojan

  • DcRat

    DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    ratinfostealerdcrat

  • Detects Eternity clipper

    clipper

  • Eternity

    Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    eternity

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • DCRat payload

    Detects payload of DCRat, commonly dropped by NSIS installers.

    rat

  • Downloads MZ/PE file

  • .NET Reactor proctector

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Executes dropped EXE

  • Uses the VBS compiler for execution

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1