General

  • Target

    63144ff5a65e776313c9cb44da25a200N.exe

  • Size

    608KB

  • Sample

    240725-dtmaqsydlc

  • MD5

    63144ff5a65e776313c9cb44da25a200

  • SHA1

    31e41d70fc55af771446bf4f879afbd809b6a7df

  • SHA256

    1b9e9cca2dcab6f35d56f397ad17aaf66dbdb7984834b9f8c26f094a2f0f763f

  • SHA512

    a32bbcb9b8799fc542cb1b0a5a1b6fceec3471d996fdeae965aa2a3860914fdaa4a64725f02221959d0a0a26fc13d8f23edf392baca4e04f34d0d2e6054c52cb

  • SSDEEP

    12288:jpoIY///1UFAe3kB0xazM6WZuS20IFpdO4WrzJjPt4mFBYU:CIY/YSQOjWZuWI84uJjhBY

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL
