General

  • Target

    2519412bd469ce3de2888aa487be8f51.exe

  • Size

    828KB

  • Sample

    240423-zgek1sbe9y

  • MD5

    2519412bd469ce3de2888aa487be8f51

  • SHA1

    91dd80c942023f360e81e27f4964504acb9bc4c5

  • SHA256

    7e98baea7a5b0d51143910cde4c5503ae15d55d6f88b4b840ae7fe79469ed12f

  • SHA512

    5eb1f509f16079cc1b56057edb2a6aff7f44ec3ce01543bd1dc0f7ce1a6408bc691fa3311aad814a10b41ab888d5eaa1a05cf2af61472b533e6382374d4d99b2

  • SSDEEP

    12288:8qefeFkk8I2xKhgvmPsneK9Qbj9TZNkpEvdJkCoG+tanmS:7kVI2xKhgBKpTZNtdOl/tamS

Score
10/10

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

MITRE ATT&CK Matrix (ATT&CK v13)

Execution

  • Scheduled Task/Job, T1053 (1)

Persistence

  • Scheduled Task/Job, T1053 (1)

Privilege Escalation

  • Scheduled Task/Job, T1053 (1)

Discovery

  • Query Registry, T1012 (2)

  • System Information Discovery, T1082 (2)
