General

  • Target

    vgc.exe

  • Size

    56KB

  • Sample

    241207-d9aa4szpdp

  • MD5

    6b66076ea9dd9855bb6f8592f3778299

  • SHA1

    0851a6843651c4a890f5417eede54c76bb2357b2

  • SHA256

    fa2b6e2595af4fd8b7e4cedc88daf254d829132be6cb5e51fd4dbce8323f1665

  • SHA512

    0dc87c60fc6c0106fb79344de207a0b17ef3c46cef0ad8035cb3fc91393c1167b0189c6ae80114b938b227136ea62b9f08be756a81846d4303d7bfd81e8db1b4

  • SSDEEP

    768:T/lUHY89mrZe0xBz71sGRQGsUfzG27YNkTjq7FUMHJH:T/loM71RQGsuzZFnq7FUm

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Dcrat family

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE
