General

  • Target

    Modrinth Installer.exe

  • Size

    6.6MB

  • Sample

    240708-2hf7caselm

  • MD5

    626111e7e767cb32a4f5b48808a7913f

  • SHA1

    8db25557b50430b884ac5ee30053ebb23b9f5bf7

  • SHA256

    9dc9219eb1d893ac2566607a5c013b7da0761418520795d9828cb76495c7dda7

  • SHA512

    1899d4b38db8abe8c836e905308d0cf26c447ef895a91a3fc15428d11ef967dd848b0a05934903bd26c45ebcba4ad423a8f7dcae6c756a3a6d9bdf6ba42ffb52

  • SSDEEP

    196608:sTyZ3n/HMlS2JxmYcmcg7XGqb6Msq51GP6:53/slSDVoXGe1GC

Score
10/10

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Loads dropped DLL

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
