General

  • Target

    a85feae08162e526db1381be09b915954a98509b096f2dcf0e904e603fa0f8c2N.exe

  • Size

    1.5MB

  • Sample

    241123-nbmhwstmg1

  • MD5

    9770460ff21f1c18e4ca3e0bfe3767e0

  • SHA1

    67aaf668b810575f2dde75bac1fbb40c602c2eae

  • SHA256

    a85feae08162e526db1381be09b915954a98509b096f2dcf0e904e603fa0f8c2

  • SHA512

    c8a1718efb86e3353b0a991b3c57a531769cac3a47411a0e8e07b9441bdced564a1e90664c8ac3a52c76a0415b19bd61b8f82a1a53da171216ad2bf278bf87d8

  • SSDEEP

    49152:/AfYoKy2QirSS9NqgWw8L0M5LLjfan+2QAbv+:yobSS/qHw8oWjf1w+

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Dcrat family

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
