General

  • Target

    1.exe

  • Size

    2.6MB

  • Sample

    240724-ychlfatdkj

  • MD5

    d33fd82b32895cb0552b9c6dad9b3435

  • SHA1

    a3117af86755a70fbaebdb2c8d27ac06e9dd777f

  • SHA256

    af58caae16d4efcf211bdc1ab7830e6c27d5bce03e6fd2fd7c59901f40c75ce2

  • SHA512

    fa72d7aebdf5e6b5e5d855a1f169854f82227490b18b573934f17a40ff5592a6a5d9364f2d9dc0da0200fdc1433fc104ada83bf75233860d51fc30af76ef248f

  • SSDEEP

    49152:UbA30NVKXoZA5f48GoTA2fIirWmSIECusCjsAOoP2BTl4yJEmt:UbRVigA5w8Gx26XwCcztJEmt

Targets

    • Target

      1.exe

    • DcRat

      DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
