General

  • Target

    nurusltan fix.exe

  • Size

    1.1MB

  • Sample

    240603-qblygagg66

  • MD5

    0f353cf4b6e0fa3ec3c7bd6ba53eaff8

  • SHA1

    8c54eff890e1923b788f33dabc135dd6db859c79

  • SHA256

    fd18e5242413a22ef180736d054660b59d901c096fbd7b2f22b02b3b170da7b0

  • SHA512

    69c681a47a1313155f8536dcd9a14bc999a0f7f82ca8e20dcb2de3589599d0cadee495f2a91e5cb49dcad83a3b961bcbae1957ef45a8ead6384fd3d0b3c05199

  • SSDEEP

    24576:U2G/nvxW3Ww0t0zhLLXo2JkLajcBo6EFiUGxjt:UbA300zhAfScBxEyxZ

Score
10/10

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
