General

  • Target

    4662fe6f5c51595aebafd8121ec36063.exe

  • Size

    2.9MB

  • Sample

    240521-xyssvsff21

  • MD5

    4662fe6f5c51595aebafd8121ec36063

  • SHA1

    0659d4c5fbd528ca0029f59c592e7977cb3961c4

  • SHA256

    58ecc731f0d4cf939a83cc33adb8c2107c5e10b9171b87c6a901b2ee0275a6e5

  • SHA512

    97cf55835e85bf4663112e2c8e8298f0dea4592253c57c50576a12e25b323915ad1bbce1337dca01d771d3c080b9b7b88a48f5b8facdfb2040c65208b21e7828

  • SSDEEP

    49152:6ZB1G8Y5JpDd0Tv4DmBPO6XXb2m5NtmkGzNgL9eqTHhAL24LvXKpFhkgDoba18sM:g3G7Dd24a95qRgoShmLv+DUap8

Score
10/10

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL
