General

  • Target

    6bf4772cae624456cb29b1201ed435eff4c925b27b48de326946b997d1098b9bN.exe

  • Size

    7.3MB

  • Sample

    241129-vgqaaswqcz

  • MD5

    ba51fe0a806fde9a0a548d5c944ade50

  • SHA1

    1763951e46fce5ded1faac1328cd409ae38d5cee

  • SHA256

    6bf4772cae624456cb29b1201ed435eff4c925b27b48de326946b997d1098b9b

  • SHA512

    d9a23b4aa23d187f6b432edca418251e76dc7c9e8e0688fd7f7ad853acf88629c377784073cc97e5e04fc664d999d64fe3ea49089b3b463656467889dd1f8269

  • SSDEEP

    196608:rTn3WAWbD9PX/xS1m5YTdzCfjQGkbCGhpwdmVQ:rjCP9PX/xUm+TgjQPCGtK

Targets

    • Target

      6bf4772cae624456cb29b1201ed435eff4c925b27b48de326946b997d1098b9bN.exe

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Dcrat family

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      ⌚/AccurateBase 3.7.1.exe

    • Size

      6.3MB

    • MD5

      4dfb8e6353a95274e54ce6930cdd9a01

    • SHA1

      23469c142723afd6a6287bb80013a37076bd6fcc

    • SHA256

      e49d072f7c6f476ff8a7f63c153d34343ba8730f229de6306d7a788ed21720b7

    • SHA512

      f7840137cb4569851b44fe3f6c3fc0c2fc37df6ef6b22310e73e2cfe4a3fa04b7d5aa58fc94ea1b2165b50ca83acca97142fd282251ae4502e727e7bb4102eb9

    • SSDEEP

      196608:HlcDaKllZZstCpoDUKK9gglWs6d9yQfePltnHphN:FcuKZZstCpcUKKGgR6LfWD

    • Score

      1/10

    • Target

      ⌚/DCRatBuild_actual.exe

    • Size

      2.6MB

    • MD5

      5d3db3851e7e001e7996a01366e70f15

    • SHA1

      6a3204b2ca4df896d3ee8ca6bfb80bf55a7f24ff

    • SHA256

      6d9ec01b5fc9aedcb4352f41667230043e1e4575d5e1cf47bfa0a4f0fed71e15

    • SHA512

      55bce3cda4c7d8216fbf724228dd55dbe1acfebaa8890755dd30c3fda4c33f7c9bff19618702f994f98858bf0260c29ff330f7c87a5c01ad0b14108620552ab7

    • SSDEEP

      49152:UbA305RXRfWOjBrKEMtwiwOSPl/liiHhZB6Kd8FM:Ub1eAdKEM6iwOSt/liEhZBjaM

    • Score

      1/10
