General

  • Target

    b01c6743c332dac114f0126e5b03a64aca44b02cc1168f381bbec7f1d7d713fb.exe

  • Size

    827KB

  • Sample

    240625-b5ec6atfje

  • MD5

    582c913be188005eda626aa5b6934e64

  • SHA1

    da0e36b1d48501386a2392c801dd5401946a3450

  • SHA256

    b01c6743c332dac114f0126e5b03a64aca44b02cc1168f381bbec7f1d7d713fb

  • SHA512

    b9a9d60263b0a24317e2ec3842165da52a4c747684276a4ca90a780ec32e2f3fc2d52a60304d05f2d4e22f6eb3fb5432adbf38dfff3e5c647a5f187ce9d3b495

  • SSDEEP

    12288:azqajGp5VwujJnmtVHGJQChr6UHR4leVr8+VA7qHnkGyTbJ9fztDsJUU:azqaji+uj5mtRCherled8+6ocVNzlsH

Score
10/10

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE
