General

  • Target

    69c5ea0a44027e82bab6de842c2736e0N.exe

  • Size

    2.6MB

  • Sample

    240725-ecs8dszdjg

  • MD5

    69c5ea0a44027e82bab6de842c2736e0

  • SHA1

    f9fca090c82aa851b94b6cb3f6a8e59d1eaf46ce

  • SHA256

    b26bd1c0f18de40e6123428988234b21640203431c5f66e2d602e805511f9e79

  • SHA512

    de370686ce72d5d4b42b9c445eab8bcc5f6ef0dd27d2e5e59dfc24fcb052e7ea4869fc690873b637bdc56ad363bf3c87a6a2e769aab2e9c4ec29a076d1dc9f6f

  • SSDEEP

    49152:UbA303peNkzjI6lp/5xblQ94oT4mbaUpCVvUwi2FUTGWK/ZJ8PFjw:UblYo/5xbGTT4J3VvRi5TGWsadw

Targets

    • Target

      69c5ea0a44027e82bab6de842c2736e0N.exe

    • DcRat

      DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
