General

  • Target

    EFF7B76160E2B43F723ED55925376133.exe

  • Size

    11.2MB

  • Sample

    240103-qb3afsdbcl

  • MD5

    eff7b76160e2b43f723ed55925376133

  • SHA1

    214c8c0b3d7c898e415778985d7ce11da7615da5

  • SHA256

    8c8bc051a42578631ab04380a0daef57e67abd8cf1a272e75213285929a74c5e

  • SHA512

    58cc3b35376572f6bd10a59cf24fb45a5f13f40f8052b8b7bd7d1032b7e4f9e1a4624242e6281458fd0e829df77e7410cf037ddcb1461dccedc640494e74df2a

  • SSDEEP

    196608:qW6EaHc9MZoA6Sv1A9d+EMep3MB8dNcb:563Hs5NbMe9MubY

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Loads dropped DLL
