Overview

overview

10

Static

static

10

38b9cc3cca...26.exe

windows7-x64

10

38b9cc3cca...26.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    38b9cc3ccae02c270e3d62e62e3b3b40e90ad7f898372b8a5035445ba32f4b26

  • Size

    675KB

  • Sample

    241104-sv8bxs1ngz

  • MD5

    314420bac969bcfb9510a0e8cc3686d6

  • SHA1

    66f1d0a60a2727970476a105c88883f37270e30f

  • SHA256

    38b9cc3ccae02c270e3d62e62e3b3b40e90ad7f898372b8a5035445ba32f4b26

  • SHA512

    debf908add95aa0849451aef830e5e71724247d352dcb5dad6b02dca0d54e4e915a9430de80d970a4e7ef3749eb2fc7c6fa7839348d84f546d5934d713e7569c

  • SSDEEP

    12288:C9X1yJ7/pZY7fiCI/YBfULiXPrQfkXmm1RhdLB9XFy+nM6D+:CVc7EaCQYBfcE1ZM6D+

Score
10/10
dcratinfostealerratspywarestealer

Malware Config

Targets

    • Target

      38b9cc3ccae02c270e3d62e62e3b3b40e90ad7f898372b8a5035445ba32f4b26

    • Size

      675KB

    • MD5

      314420bac969bcfb9510a0e8cc3686d6

    • SHA1

      66f1d0a60a2727970476a105c88883f37270e30f

    • SHA256

      38b9cc3ccae02c270e3d62e62e3b3b40e90ad7f898372b8a5035445ba32f4b26

    • SHA512

      debf908add95aa0849451aef830e5e71724247d352dcb5dad6b02dca0d54e4e915a9430de80d970a4e7ef3749eb2fc7c6fa7839348d84f546d5934d713e7569c

    • SSDEEP

      12288:C9X1yJ7/pZY7fiCI/YBfULiXPrQfkXmm1RhdLB9XFy+nM6D+:CVc7EaCQYBfcE1ZM6D+

    Score
    10/10
    dcratinfostealerratspywarestealer

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

      ratinfostealerdcrat

    • Dcrat family

      dcrat

    • DCRat payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks