General

  • Target

    508d115be5f183459c665d7dd46f9144.exe

  • Size

    826KB

  • Sample

    240624-tf7bra1ald

  • MD5

    508d115be5f183459c665d7dd46f9144

  • SHA1

    917dbc17f5740b8d3e2d474ed8b5afd707ca484c

  • SHA256

    c256c14f18b99aaec41de75cf7d9257abd6ea08042e46e4ab88e2c83bd9a3b0f

  • SHA512

    ed388cb91e3c536d9940aeaa78177f55b8c7a0fa5011ba32bd15694acf44f23bb329c45f439356928f505b7cd36d04a09eb21b9e167c1ec6a3d02f8a796b8e5d

  • SSDEEP

    12288:sfi/8I+wAJPSpn/9fZOlq++Remp23HqoHVmnp5bC/WGFH:AI+wAUpn1Zeq++RVkXLEpoDN

Score
10/10

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE
