General

  • Target

    kantexec.zip

  • Size

    1004KB

  • Sample

    241109-28l6aavama

  • MD5

    b29eb79e9e5833138b03c20ee0bcc159

  • SHA1

    e5d55e6008d266a9d51d77348065623c1514acd2

  • SHA256

    894cce94dbcc908089a36e96c3e7c374cca5f43aba6a0cb74ca27c40d185a907

  • SHA512

    89ee189e4279d4e24cfe861a3f1f80721d2a18a5bc114033feaebdb61aefc7c011b26253d6c44e34799850ddacfdff16e27dcc0d23219adc8114748f43466ef0

  • SSDEEP

    24576:y9XZ3vFnbWFx5+/XKrHUdMiF/K7P4SoqTMlxnqTMlx0:WbWFxef8P4SZMlxSMlx0

Malware Config

Targets

    • Target

      kantexec/WpfApp4.exe

    • Size

      219KB

    • MD5

      4a121ca26351317ecbba38e42e5ff0cd

    • SHA1

      6a6fe4b59d7c5211b171c4246fe00619ac9e2ccc

    • SHA256

      7fb04ed483ff4b5bb5088a0f2375097212d612386101acf0003aa6fd02bb75fa

    • SHA512

      ea2604f0e4f3a6939a28eb5af0382fe206a6d61760221970a9b3bd038685c57812d507c9365d1f0b1ca822d9b2b4bb5be1ab9e423c42da896b2a6bc91c476cf7

    • SSDEEP

      6144:dDKW1Lgbdl0TBBvjc/UjM0oTbYtwTBzuUa:Vh1Lk70TnvjccjM0q4ahpa

    • Score

      3/10

    • Target

      kantexec/bin/fle/bld.kant

    • Size

      1.1MB

    • MD5

      195631c05d811cd6c6ce8a62455fb8cb

    • SHA1

      98bc3a80ef3b71823967a5662ed143a8334c0989

    • SHA256

      25ae9b23539555ad289637980a71bf07d719e1d13028a0623d39b2fb679e836b

    • SHA512

      10074d4b8028409fb54c4465d1b3b2388396dbf6c4be0204738d40f1f90e59a9389ffb0f4085cf37c3272a515588fdd7134decbb473bcdd87ac4394ceadd5c95

    • SSDEEP

      24576:u2G/nvxW3WieCDgW7kHiFYf2e8A7mMpgjMZjiBltlXy2CN1J:ubA3j8W7klrX/ho1u

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Dcrat family

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks