General

  • Target

    deb7ba77dcf2e54fb23d1a9b0e51088d.bin

  • Size

    416KB

  • Sample

    241201-b99d4axlgl

  • MD5

    d1be18a2b55cedd18d305630032fe3cb

  • SHA1

    042a658c454350abc4c0b6dbbd8133f9c1ab0496

  • SHA256

    2940b96b58506a050c9a5a26a01407e699e4e326955bbe5ea72505b392d0459e

  • SHA512

    07de9106ee1244b04f1c86693308569cf5b78804df9978b7b1c364ac924503ffd022a91543a0d951f49ee2664ed0c0d98a49c8a544eebaf94b7d4da28e6f6c22

  • SSDEEP

    12288:BX/IYRd6eMaVBut+7NwtbE25X58CFOBIu:GYRd9M4cftYMpHOBIu

Score
10/10

Malware Config

Targets

    • Target

      05b123c99c5736a62f1cfd6bc6a9335a533849fe663d875d20ece0caca82e077.exe

    • Size

      828KB

    • MD5

      deb7ba77dcf2e54fb23d1a9b0e51088d

    • SHA1

      6468abad160c22594fc014d948963ba4a8565074

    • SHA256

      05b123c99c5736a62f1cfd6bc6a9335a533849fe663d875d20ece0caca82e077

    • SHA512

      18cedb50ceab47fed77100586bbb68692d82e4d3afe59815e0fb0d7c88677362756d2bcdc3003f0e6e1b2a3edff36ac450a9864d4d64ef5218612bc86e538de2

    • SSDEEP

      12288:GKLmyuewe+aR5pDIBqIBpoAmxkPnGZKYKvwdUyBWwKoX6t:GoBuQ+I5p5qpLhu33BWwXqt

    Score
    10/10
    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Dcrat family

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE
