Overview

overview

10

Static

static

3

fcaf02b6fa...18.exe

windows7-x64

7

fcaf02b6fa...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fcaf02b6fabfd8432417befde16f26ac_JaffaCakes118

  • Size

    14.6MB

  • Sample

    240420-nrdkxsgc3z

  • MD5

    fcaf02b6fabfd8432417befde16f26ac

  • SHA1

    a48650e4c45e59be8f31d927aa22a52eb8d21eb1

  • SHA256

    2f9c8d486b3bf2191829cef60339da2bec644fcd1b578cffde7a910b17ca8d0a

  • SHA512

    aa15c4a715fbdf0e5d2aa95442d0e7476643034b12bc061d7a9dd1a2ed840bcf407210c69589c5b2c00c66475e2af1ca21e357c368207d5c94833e9834cb4da7

  • SSDEEP

    98304:f19swT8KfHkpvVkBUp56DJ4hxmH1F32iZU8Usu4:f/7ZAv2kt3s3rT

Score
10/10
dcratinfostealerrat

Malware Config

Targets

    • Target

      fcaf02b6fabfd8432417befde16f26ac_JaffaCakes118

    • Size

      14.6MB

    • MD5

      fcaf02b6fabfd8432417befde16f26ac

    • SHA1

      a48650e4c45e59be8f31d927aa22a52eb8d21eb1

    • SHA256

      2f9c8d486b3bf2191829cef60339da2bec644fcd1b578cffde7a910b17ca8d0a

    • SHA512

      aa15c4a715fbdf0e5d2aa95442d0e7476643034b12bc061d7a9dd1a2ed840bcf407210c69589c5b2c00c66475e2af1ca21e357c368207d5c94833e9834cb4da7

    • SSDEEP

      98304:f19swT8KfHkpvVkBUp56DJ4hxmH1F32iZU8Usu4:f/7ZAv2kt3s3rT

    Score
    10/10
    dcratinfostealerrat

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

      ratinfostealerdcrat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks