General

  • Target

    WebReview.exe

  • Size

    828KB

  • Sample

    241129-tcw2lsykgp

  • MD5

    deb7ba77dcf2e54fb23d1a9b0e51088d

  • SHA1

    6468abad160c22594fc014d948963ba4a8565074

  • SHA256

    05b123c99c5736a62f1cfd6bc6a9335a533849fe663d875d20ece0caca82e077

  • SHA512

    18cedb50ceab47fed77100586bbb68692d82e4d3afe59815e0fb0d7c88677362756d2bcdc3003f0e6e1b2a3edff36ac450a9864d4d64ef5218612bc86e538de2

  • SSDEEP

    12288:GKLmyuewe+aR5pDIBqIBpoAmxkPnGZKYKvwdUyBWwKoX6t:GoBuQ+I5p5qpLhu33BWwXqt

Score
10/10

Targets

    • WebReview.exe (the submitted sample; size and hashes as listed under General)

    • DcRat

      DarkCrystal RAT (DCRat) is a .NET remote access trojan, active since June 2019, that can load additional plugins to extend its functionality.

    • DcRat family

    • Process spawned unexpected child process

      A process launched a child it does not normally spawn; this typically indicates the parent was compromised via an exploit or a malicious macro.

    • DCRat payload

      Detects the DCRat payload, which is commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution.

    • Executes dropped EXE
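
The signatures above are behavioural: they fire on a registry lookup, a file write followed by execution of that file, and an unusual parent/child pairing. The script below is an added example, written for this page rather than taken from the sandbox vendor or from the DCRat tooling, that replays those four checks plus an IOC hash match over a handful of constructed Sysmon-style events. The registry value names, the interpreter and launcher allowlists, and every event in the trace are assumptions for illustration; only the hashes are taken from the report. Note the launcher allowlist is keyed on the full image path, so a dropped file named svchost.exe in %TEMP% does not inherit the trust of the real one.

```python
"""Replay the behavioural signatures from the report above over constructed,
Sysmon-style telemetry. Added example for this page; not code from the sandbox
vendor and not related to DCRat's own tooling."""
from dataclasses import dataclass

# IOC hashes copied from the report above (the submitted WebReview.exe).
IOC_HASHES = {
    "md5": "deb7ba77dcf2e54fb23d1a9b0e51088d",
    "sha1": "6468abad160c22594fc014d948963ba4a8565074",
    "sha256": "05b123c99c5736a62f1cfd6bc6a9335a533849fe663d875d20ece0caca82e077",
}

# ASSUMPTION: registry values a sample reads to learn the configured country or
# install language; the report does not name the exact value it saw queried.
GEO_REGISTRY_VALUES = {
    r"hkcu\control panel\international\geo\nation",
    r"hklm\system\currentcontrolset\control\nls\language\installlanguage",
}

# ASSUMPTION: child images that are suspicious unless started by a known launcher.
INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "regsvr32.exe", "rundll32.exe", "schtasks.exe"}

# ASSUMPTION: launchers allowed to start interpreters. Keyed on the full image
# path on purpose: a dropped file named svchost.exe in %TEMP% must not inherit
# the trust of the real C:\Windows\System32\svchost.exe.
KNOWN_LAUNCHERS = {
    r"c:\windows\explorer.exe",
    r"c:\windows\system32\services.exe",
    r"c:\windows\system32\svchost.exe",
    r"c:\windows\system32\cmd.exe",
    r"c:\windows\system32\windowspowershell\v1.0\powershell.exe",
}


@dataclass(frozen=True)
class Finding:
    rule: str
    pid: int
    detail: str


def image_name(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect(events):
    """Return the signature hits, in event order, for a list of event dicts.

    Each event carries "event" (ProcessCreate | FileCreate | RegistryQuery) and
    "pid", plus "image"/"parent_image", "path"/"hashes" or "value" respectively.
    """
    findings = []
    dropped = {}  # lower-cased path written during the trace -> writing pid
    for ev in events:
        kind, pid = ev["event"], ev["pid"]
        if kind == "FileCreate":
            path = ev["path"].lower()
            dropped[path] = pid
            for algo, digest in ev.get("hashes", {}).items():
                if IOC_HASHES.get(algo.lower()) == digest.lower():
                    findings.append(Finding("DCRat payload (IOC hash match)", pid,
                                            f"{algo}={digest} written to {ev['path']}"))
        elif kind == "ProcessCreate":
            image, parent = ev["image"].lower(), ev["parent_image"].lower()
            if image_name(image) in INTERPRETERS and parent not in KNOWN_LAUNCHERS:
                findings.append(Finding("Process spawned unexpected child process", pid,
                                        f"{image_name(parent)} -> {image_name(image)}"))
            if image in dropped:
                findings.append(Finding("Executes dropped EXE", pid,
                                        f"{ev['image']} (written by pid {dropped[image]})"))
        elif kind == "RegistryQuery":
            if ev["value"].lower() in GEO_REGISTRY_VALUES:
                findings.append(Finding("Checks computer location settings", pid, ev["value"]))
    return findings


# Constructed trace, not the sandbox's actual event log: the sample reads the
# geo setting, drops a payload carrying the report's SHA256, runs it, and the
# dropped copy then launches cmd.exe. The last event is benign control data.
SAMPLE_EVENTS = [
    {"event": "ProcessCreate", "pid": 4100, "image": r"C:\Users\user\Desktop\WebReview.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"event": "RegistryQuery", "pid": 4100,
     "value": r"HKCU\Control Panel\International\Geo\Nation"},
    {"event": "FileCreate", "pid": 4100, "path": r"C:\Users\user\AppData\Local\Temp\svchost.exe",
     "hashes": {"SHA256": IOC_HASHES["sha256"]}},
    {"event": "ProcessCreate", "pid": 4212, "image": r"C:\Users\user\AppData\Local\Temp\svchost.exe",
     "parent_image": r"C:\Users\user\Desktop\WebReview.exe"},
    {"event": "ProcessCreate", "pid": 4300, "image": r"C:\Windows\System32\cmd.exe",
     "parent_image": r"C:\Users\user\AppData\Local\Temp\svchost.exe"},
    {"event": "ProcessCreate", "pid": 5000, "image": r"C:\Windows\System32\cmd.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"[{f.rule}] pid {f.pid}: {f.detail}")
```

Run as-is it prints four hits in event order: the geo lookup, the IOC hash match on the dropped file, execution of that dropped file, and the dropped copy spawning cmd.exe; the explorer.exe -> cmd.exe event at the end is not reported. To use it against real telemetry, map your EDR or Sysmon fields (Image, ParentImage, TargetFilename, Hashes, TargetObject) onto the event keys and replace the assumed allowlists with ones measured on your own estate.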
