General

  • Target

    79dae0f514b2233117f467b8853affc5c050e71621761b5bca2a7f002c1ca526.exe

  • Size

    1001KB

  • Sample

    241107-c6cfmawlcn

  • MD5

    5313e2143d6c1f978638038f19f29e6b

  • SHA1

    c70695edf05d60e4726fcdd905ff23248b7ba1dd

  • SHA256

    79dae0f514b2233117f467b8853affc5c050e71621761b5bca2a7f002c1ca526

  • SHA512

    1b6293810afd89fee0b93a73a6ae73844677f98a7e1cff389637d56dbf908e2f20556765cb95d77156fd704c154f224920bec666deb23b5972b9ed0dcdb4e76b

  • SSDEEP

    12288:9gSCIO3J+/FC3kveKD/FefpE/PZpaf0UPIvJ+0DELw4X7x2tTtUG4:9xCIOgFC3kveIFnPMhG3EEOAvUG4

Score
10/10

Targets

    • Target

      79dae0f514b2233117f467b8853affc5c050e71621761b5bca2a7f002c1ca526.exe

    Score
    10/10
    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Dcrat family

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE
