darktrack | 7e1c4d02e4dc294be0ffff2ebccbc4975713bc14984a904a0acf657ff422d605 | Triage

Sharing

General

Target

7e1c4d02e4dc294be0ffff2ebccbc4975713bc14984a904a0acf657ff422d605
Size

2.1MB
Sample

240725-myhyjsxekf
MD5

d92740f07a25bb928abae9abe140169a
SHA1

c20671175e034bb2ac977ef1390d9bc7d3ea0d28
SHA256

7e1c4d02e4dc294be0ffff2ebccbc4975713bc14984a904a0acf657ff422d605
SHA512

40036a391331bf9ee343aa96a4cd4f22598b2a7533440f8182ebfafcdc9d051f0def7d840800689490eac5d39b5fa20178dc7f870dddc4274f9a7c5bc817a9c5
SSDEEP

49152:DDcifOR181OrAdiiAojFrHLsPazEzHEOtkwTfljaRRsjHyTpo3U:D/8WO8diiXBrHL2a8HnTNjarsjHQv

Score

10^/10

darktrack discovery rat stealer

Malware Config

Targets

- Target
  
  7e1c4d02e4dc294be0ffff2ebccbc4975713bc14984a904a0acf657ff422d605
- Size
  
  2.1MB
- MD5
  
  d92740f07a25bb928abae9abe140169a
- SHA1
  
  c20671175e034bb2ac977ef1390d9bc7d3ea0d28
- SHA256
  
  7e1c4d02e4dc294be0ffff2ebccbc4975713bc14984a904a0acf657ff422d605
- SHA512
  
  40036a391331bf9ee343aa96a4cd4f22598b2a7533440f8182ebfafcdc9d051f0def7d840800689490eac5d39b5fa20178dc7f870dddc4274f9a7c5bc817a9c5
- SSDEEP
  
  49152:DDcifOR181OrAdiiAojFrHLsPazEzHEOtkwTfljaRRsjHyTpo3U:D/8WO8diiXBrHL2a8HnTNjarsjHQv
Score

10^/10

darktrack discovery rat stealer
- DarkTrack
  DarkTrack is a remote administration tool written in delphi.
  rat stealer darktrack
- DarkTrack payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  ⌚/Copy_trydovoj.docx
- Size
  
  1.5MB
- MD5
  
  789497a9ff0bd7df99aa662f512c6856
- SHA1
  
  f69cec1046f8e59983fd8cfcae867926495fadd6
- SHA256
  
  8646226f4b2b2b96d5e31d4daae0ac5484edc2a7759297e0f63a06358ea61a38
- SHA512
  
  71442dec98b3ec16f94ec07380087370c72a48532398f893a9324081f7560f7c620b549770b97356fe5400f6ef7e4935b6339d477298be13966c06f1f5065205
- SSDEEP
  
  49152:H+mxBf5HVPjLYdqN5/11ybKbzM1yZyidw0V5Ufzpct/rmmrx:ljRVPhN5/11ybazXIDlQbx
Score

1^/10
behavioral3 behavioral4
- Target
  
  ⌚/vvp_huilo.exe
- Size
  
  623KB
- MD5
  
  2d3d077b9f62618ab75ee6dac00c7b25
- SHA1
  
  85ec19ebb93bbc417694b9631bcfc0c11fd8c704
- SHA256
  
  b4564c85bf766afd5067294158521bbc92488041b1b7c363ee93420b463f7037
- SHA512
  
  3d58debf4f798f619e53ed64e5c937f392759d34fcaf4e5d74dcdbccece026fbe0ad80d2386d54767a08b78e877bfaa4cdae79ec201763a41c1d07ed96c2301d
- SSDEEP
  
  12288:XMCI25UIxMYwR4G/nEJtOIUG/Vx0ucgoqZVyTFe7OX+Sal:8qGYwBnatLUevcSZVak7OXsl
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darktrackdiscoveryratstealer

behavioral2

darktrackdiscoveryratstealer

behavioral3

behavioral4

behavioral5

behavioral6