General

  • Target

    NEAS.f7d31ed8a4934e75ba942630685bf090.exe

  • Size

    1.1MB

  • Sample

    231028-y3v98aef68

  • MD5

    f7d31ed8a4934e75ba942630685bf090

  • SHA1

    ec9ebd48e3a3111b3c4e91171da8465c267a6e44

  • SHA256

    ed0b363f62f90f473283536ad4c9854f7c2479111e3d0c5fa4407ace8515df77

  • SHA512

    aa3e71afcb5069ac6c22ddd98e165cc3b303ad4b8f9ae8f71e648d4023aa072b22319ba55b07fb7516dcdb5217ec68564965bc14a7f2abb9e1a27b1d396b01e6

  • SSDEEP

    24576:aADdteLS1VO6wLVqq0aJSw69voIN7y7Di0:8E86MVX/SwHmf

Score
10/10

Targets

    • Target

      NEAS.f7d31ed8a4934e75ba942630685bf090.exe

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE
