darktrack | 71d441f9725ee7a1e158a85e037e2311875f19ad12729900dba14c3ded8c5166 | Triage

Submit
Reports

Overview

overview

Static

static

71d441f972...66.exe

windows7-x64

71d441f972...66.exe

windows10-2004-x64

Resubmissions

26-12-2023 07:36

231226-jfrwysdhh8 10

28-02-2021 07:18

210228-gg2156g8fe 10

Sharing

General

Target

71d441f9725ee7a1e158a85e037e2311875f19ad12729900dba14c3ded8c5166
Size

627KB
Sample

231226-jfrwysdhh8
MD5

70b5ca289fa630db5715f047212a5403
SHA1

e6e4d63c0be8cbad0517c4ae1a56b1beefac5980
SHA256

71d441f9725ee7a1e158a85e037e2311875f19ad12729900dba14c3ded8c5166
SHA512

e347f690dd54bb48e63a12ba8c63fd7617eafa9b03aea73a4ab107cca3838723bf38a0d3ed36a2e43d3ae6876f26ffd3f27230220fab430f389c90bb2a0aff84
SSDEEP

12288:lOqvQomCg4G6q90tmPvj+GU/ttJuqwh3EQiXRUVZs4ixsiNhkApRawx:xoovgbAKvBgtJuqwh3EQihUb1ifNh9

Score

10^/10

darktrack persistence rat stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

71d441f9725ee7a1e158a85e037e2311875f19ad12729900dba14c3ded8c5166.exe

Resource

win7-20231215-en

darktrack persistence rat stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

71d441f9725ee7a1e158a85e037e2311875f19ad12729900dba14c3ded8c5166.exe

Resource

win10v2004-20231215-en

darktrack persistence rat stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  71d441f9725ee7a1e158a85e037e2311875f19ad12729900dba14c3ded8c5166
- Size
  
  627KB
- MD5
  
  70b5ca289fa630db5715f047212a5403
- SHA1
  
  e6e4d63c0be8cbad0517c4ae1a56b1beefac5980
- SHA256
  
  71d441f9725ee7a1e158a85e037e2311875f19ad12729900dba14c3ded8c5166
- SHA512
  
  e347f690dd54bb48e63a12ba8c63fd7617eafa9b03aea73a4ab107cca3838723bf38a0d3ed36a2e43d3ae6876f26ffd3f27230220fab430f389c90bb2a0aff84
- SSDEEP
  
  12288:lOqvQomCg4G6q90tmPvj+GU/ttJuqwh3EQiXRUVZs4ixsiNhkApRawx:xoovgbAKvBgtJuqwh3EQihUb1ifNh9
Score

10^/10

darktrack persistence rat stealer
- DarkTrack
  DarkTrack is a remote administration tool written in delphi.
  rat stealer darktrack
- DarkTrack payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darktrackpersistenceratstealer

behavioral2

darktrackpersistenceratstealer

© 2018-2024

Terms | Privacy