General

  • Target

    000c25f85640678f636a31909dbf94e7.exe

  • Size

    1.7MB

  • Sample

    231012-fylk4shc5w

  • MD5

    000c25f85640678f636a31909dbf94e7

  • SHA1

    55b1fca413b176d243caf796af4358a510ad931a

  • SHA256

    5a41a105b733d97acc93315066ac39f50c2d2923df02d86c5b0b143fc3e82ff6

  • SHA512

    93ea97e0334d94269ca888b347c24bc8215ac5b579be9816b5328c8439287048484b08bd9a41c4465aaeebbc9e2d8b9bd953c52d74f987206e8ceff1a5adf5d5

  • SSDEEP

    12288:y+CW3EFxVkNFuwoUDInV/kg0d0lx743tIm2atsbWvL50R0cf9AQyIpHnMuDaP41:yg3BNloUDi4LFueIyR+w7V33Vd

Score
10/10

Targets

    • Target

      000c25f85640678f636a31909dbf94e7.exe

    Score
    10/10
    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
