General

  • Target

    5e4b3a32189d7f55b2c56d5b11e9133d.exe

  • Size

    829KB

  • Sample

    240628-hjmkzawdnb

  • MD5

    5e4b3a32189d7f55b2c56d5b11e9133d

  • SHA1

    059b5b2d41eecd9dbb07df2a48d18cfbe5da8adc

  • SHA256

    e6ddaf0c8b2376d754748ee5c7ad95dab9581a7cbed3f5a922bd89281ddef223

  • SHA512

    1cc95f47bca7a5e593dfc76ef74f286127bc1c1543e1defaedf6b65a139ec5f56aab18df894776cd232f5e42923b151dd7e9a7205e2887aa470eea335b423e18

  • SSDEEP

    12288:X0BDvIEuo3y3ImqQtETpYwz7nHCfJTZUuVaI7mTN1hwULJ0heC8:XOvI7o3yIQtETpYo7nIJTgIazLJ0c

Score
10/10

Targets

    • Target

      5e4b3a32189d7f55b2c56d5b11e9133d.exe

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Legitimate hosting services abused for malware hosting/C2
