Extracted

Extracted

• • Target

    $RDUQK6W.exe

  • Size

    10.5MB

  • MD5

    4a5a3ad1c74f3f7d525e1c97995ca649

  • SHA1

    cc0548dcbf4c0bc4489529e9148cf9f921485e84

  • SHA256

    19b66b877aa9324a2e9a51d828e1cab41b553070d37729096c555a7f1810fbb3

  • SHA512

    fbb94f6b670fbd6e32ac71b97cfe00d3c67a9747e1e4192ad1889bd8cf121b1b3bfe6e9fa0d4ba8634b5a8431b84c4ba7b3800bb6e128ce9ad759f952ac875b3

  • SSDEEP

    196608:OXBAqsvidH8HkLOogdmCvl6SsT2bygeHHNc8zKiSKu5GjY2+rZvPTetsi0ERHblh:vidcEiJtNUEMH6kXYj5etb0qHblVFV

  Score

  10^/10

  allcomedcratzgratevasioninfostealerratstealertrojancolibribuild1loader

  • Allcome

    A clipbanker that supports stealing different cryptocurrency wallets and payment forms.

    stealerallcome

  • Colibri Loader

    A loader sold as MaaS first seen in August 2021.

    loadercolibri

  • DcRat

    DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    ratinfostealerdcrat

  • Detect ZGRat V1

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • UAC bypass

    evasiontrojan

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • DCRat payload

    Detects payload of DCRat, commonly dropped by NSIS installers.

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Checks whether UAC is enabled

    evasiontrojan

  • Legitimate hosting services abused for malware hosting/C2

  • Suspicious use of SetThreadContext

  behavioral1behavioral2