General

  • Target

    b7c3123301aacc8aa43b3df96b2b4e00_NEIKI

  • Size

    1.1MB

  • Sample

    240509-bhkxeshh3v

  • MD5

    b7c3123301aacc8aa43b3df96b2b4e00

  • SHA1

    fddb84b2ebe7fd6c8d1de9db5433b1d682d8a77e

  • SHA256

    f7e5f8da873729cb302bef684f53e65fb94bf0bcb74702cf9ef666be82feda93

  • SHA512

    4f43f971f23efc38d1ab13a7b414f5c211d2154783444978d2c3e5c7a97295e8627f795b18b492396c6950c562de28fde76f5626e7dfc8b7ac3b3928c50a0bd8

  • SSDEEP

    24576:6ADdteLS1VO6wLVqq0aJSw69voIN7y7Di0:cE86MVX/SwHmf

Score
10/10

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE
