General

  • Target

    d380ab06298ba654391242296c594720ec2cdbb8e28b42ea5a28b2ff894ac098

  • Size

    1.1MB

  • Sample

    241004-xqf44a1blj

  • MD5

    5f38ad274718c3262d27ab832490c194

  • SHA1

    67ed4403196c9da6a34dc99173049fe7b5d2762a

  • SHA256

    d380ab06298ba654391242296c594720ec2cdbb8e28b42ea5a28b2ff894ac098

  • SHA512

    6e1615d0e57db4b78cec17e8a322c4086267456a4216332aba4217da628061848bcbe30d7470c24d282b3b31599f26737bf2c334a8e06c490f057ebc9a6a3b78

  • SSDEEP

    24576:QXRXTkk9tBZxs5A3QSXQo6sQX/zukzM9S/:SRXnJRgqyLukqS

Score
10/10

Targets

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE
