General

  • Target

    11DA048860021B6C22E171032E48B023.exe

  • Size

    1.1MB

  • Sample

    241125-fmadpswjfl

  • MD5

    11da048860021b6c22e171032e48b023

  • SHA1

    b3b636a8bd17223454b4522fdbdb4863e0c4a565

  • SHA256

    c0d51cad38cd578ac0f62737185d0e15184843b8a118bb978d11d9e86998eef3

  • SHA512

    09b8bc3f1fa034d28a14e0fc5e44722ee84cfd9b32dc7887674100d967b3c9232d7ae42156c8d45050ea781ba87a3ee29a54bfc04bef98c6e5f6d9123444509f

  • SSDEEP

    24576:U2G/nvxW3Ww0tpI7rd5XFM2cxARnZ0S/J1:UbA30pILXZjv

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Dcrat family

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL
