General

  • Target

    Nursultan-Alpha-main (VIRUS!!!).zip

  • Size

    574KB

  • Sample

    241217-vek8katqfk

  • MD5

    5730865526c9050b088d564c1506fbd8

  • SHA1

    58b5fc5577e2d125445c67c271a0757d5f8fb582

  • SHA256

    714c3946e5b2691b37a20d47af5323e96e6d1ecc9976f9df841f1d5674d44b03

  • SHA512

    c6cc6d6f8db96b43792c2d8afb0df39b77793f01e91bdafb11f75f587b9d3bd0e9f20039581e6f690a341cfc2618adce7e11641525b3d2c064cc5b95936a4889

  • SSDEEP

    12288:OrCk/O342/nVHpC6ZoQ193+YivgGkmDQn0hwoVMV+5r:OzA4OJfoQytEn0W6Mc5r
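To check whether a file on disk is one of the two artifacts in this report, the digests above (and those of the dropped executable listed under Targets) can be matched in a single pass. The following is an added example, not Triage's own code; the indicator table is copied from the report and everything else (function names, the "weak-only" verdict) is an assumption of this example.

```python
"""Match a file against the hash indicators listed in this sandbox report.

Added example, not the sandbox's own tooling. INDICATORS is copied from
the report; digest_file()/verdict() are this example's own helpers.
"""
import hashlib
import io

# Hash indicators from the report, keyed by artifact name.
INDICATORS = {
    "Nursultan-Alpha-main (VIRUS!!!).zip": {
        "md5": "5730865526c9050b088d564c1506fbd8",
        "sha1": "58b5fc5577e2d125445c67c271a0757d5f8fb582",
        "sha256": "714c3946e5b2691b37a20d47af5323e96e6d1ecc9976f9df841f1d5674d44b03",
        "sha512": "c6cc6d6f8db96b43792c2d8afb0df39b77793f01e91bdafb11f75f587b9d3bd0e9f20039581e6f690a341cfc2618adce7e11641525b3d2c064cc5b95936a4889",
    },
    "Nursultan-Alpha-main/NursultanAlpha.exe": {
        "md5": "04d47663369ae93c8a2325d1fdafd7da",
        "sha1": "d47262b1d1f8d938e44e98d96fbba35233166b53",
        "sha256": "11b323227ec42ebc937299ac946582c13253b8a707c371adeadd225ec14f2eee",
        "sha512": "78896538afd82ef2fe524502456510b3fc5dd0819bee92aaf0d002231b8bd11beee59f3a78d1bbbf2a33e6ab613f1b431cbf26fe8733b6ac70b69b2a47e92e1f",
    },
}

ALGOS = ("md5", "sha1", "sha256", "sha512")
STRONG = ("sha256", "sha512")  # md5/sha1 agreement alone is weak evidence


def digest_stream(fh, chunk=1 << 20):
    """Compute all four digests in one pass over a binary stream."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    for block in iter(lambda: fh.read(chunk), b""):
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path):
    with open(path, "rb") as fh:
        return digest_stream(fh)


def digest_bytes(data):
    """Same as digest_file() for an in-memory buffer (useful for tests)."""
    return digest_stream(io.BytesIO(data))


def match_indicators(digests, indicators=INDICATORS):
    """Return (artifact, algorithm) pairs whose indicator equals a digest.

    Comparison is case-insensitive so hashes pasted in upper case still match.
    """
    matches = []
    for artifact, hashes in indicators.items():
        for algo, value in hashes.items():
            if digests.get(algo, "").lower() == value.lower():
                matches.append((artifact, algo))
    return matches


def verdict(digests, indicators=INDICATORS):
    """'match' if a SHA-256/512 indicator agrees, 'weak-only' if only
    MD5/SHA-1 do (collision-prone, and indicator tables get mistyped),
    otherwise 'no match'."""
    matched = match_indicators(digests, indicators)
    if not matched:
        return "no match"
    if any(algo in STRONG for _, algo in matched):
        return "match"
    return "weak-only"


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        d = digest_file(path)
        print(path, verdict(d), match_indicators(d))
```

Run it as `python check_iocs.py <file>`; a "weak-only" result means only MD5 or SHA-1 agreed and the SHA-256 should be rechecked before treating the file as this sample.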

Malware Config

Targets

    • Target

      Nursultan-Alpha-main/NursultanAlpha.exe

    • Size

      1.1MB

    • MD5

      04d47663369ae93c8a2325d1fdafd7da

    • SHA1

      d47262b1d1f8d938e44e98d96fbba35233166b53

    • SHA256

      11b323227ec42ebc937299ac946582c13253b8a707c371adeadd225ec14f2eee

    • SHA512

      78896538afd82ef2fe524502456510b3fc5dd0819bee92aaf0d002231b8bd11beee59f3a78d1bbbf2a33e6ab613f1b431cbf26fe8733b6ac70b69b2a47e92e1f

    • SSDEEP

      24576:S2G/nvxW3Wu0Toe7NtsNN4rnw4P1DtV5ffUAU0X:SbA3G8ehWGH5T

    • DcRat

      DarkCrystal (DCRat) is a .NET RAT, active since June 2019, that can load additional plugins.

    • Dcrat family

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects the DCRat payload, which is commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution by region.

    • Executes dropped EXE

    • Drops file in System32 directory
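The three behavioural signatures above (location lookup, file dropped in System32, dropped EXE executed) are the kind of rule a sandbox evaluates over the sample's API trace. The following is an added example, not the sandbox's own signature engine: the trace format, the placeholder paths and the rule logic are assumptions of this example, and the registry key it looks for (HKCU\Control Panel\International\Geo, value Nation, where Windows stores the user GeoID) is the one usually meant by "computer location settings".

```python
"""Toy behavioural-signature matcher over a constructed sandbox API trace.

Added example, not the sandbox's own code. Trace lines are
"<pid> <api> <arg1>|<arg2>"; paths and file names below are placeholders.
"""
import re
from dataclasses import dataclass

# Constructed trace (not from the report) exercising all three signatures.
SAMPLE_TRACE = r"""
4120 RegQueryValueExW HKEY_CURRENT_USER\Control Panel\International\Geo|Nation
4120 NtCreateFile C:\Windows\System32\dropped.exe|GENERIC_WRITE
4120 NtWriteFile C:\Windows\System32\dropped.exe|49152
4120 NtWriteFile C:\Users\Public\notes.txt|12
4120 CreateProcessW C:\Windows\System32\dropped.exe|
4120 CreateProcessW C:\Windows\System32\cmd.exe|/c whoami
"""

SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)
# Assumed key holding the configured GeoID; value name "Nation".
GEO_KEY = re.compile(r"\\control panel\\international\\geo$", re.IGNORECASE)
PROCESS_APIS = ("CreateProcessW", "CreateProcessA", "ShellExecuteExW")

SIG_GEO = "checks_computer_location_settings"
SIG_DROP = "drops_file_in_system32"
SIG_EXEC = "executes_dropped_exe"


@dataclass
class Call:
    pid: int
    api: str
    args: list


def parse_trace(text):
    """Parse trace lines into Call records; blank lines are skipped."""
    calls = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        parts = line.split(" ", 2)
        rest = parts[2] if len(parts) > 2 else ""
        calls.append(Call(int(parts[0]), parts[1], rest.split("|")))
    return calls


def match_signatures(calls):
    """Return {signature: [evidence, ...]} for the signatures that fired.

    'executes_dropped_exe' is stateful: a process start only counts if the
    same trace wrote that path earlier, so trace order matters.
    """
    hits = {SIG_GEO: [], SIG_DROP: [], SIG_EXEC: []}
    dropped = set()  # lower-cased paths written so far in this trace
    for c in calls:
        a0 = c.args[0] if c.args else ""
        a1 = c.args[1] if len(c.args) > 1 else ""

        # Checks computer location settings: reads the GeoID value
        # (or calls the API that wraps it).
        if (c.api.startswith("RegQueryValueEx") and GEO_KEY.search(a0)
                and a1.lower() == "nation") or c.api == "GetUserGeoID":
            hits[SIG_GEO].append(f"{a0}\\{a1}" if a1 else c.api)

        # Drops file in System32 directory: any write under that path.
        if c.api == "NtWriteFile":
            dropped.add(a0.lower())
            if SYSTEM32.match(a0):
                hits[SIG_DROP].append(a0)

        # Executes dropped EXE: image path was written earlier in the trace.
        # cmd.exe lives in System32 too but was not dropped, so it won't fire.
        if c.api in PROCESS_APIS and a0.lower() in dropped:
            hits[SIG_EXEC].append(a0)

    return {name: ev for name, ev in hits.items() if ev}


if __name__ == "__main__":
    for name, evidence in match_signatures(parse_trace(SAMPLE_TRACE)).items():
        print(name, evidence)
```

The stateful rule is the point worth copying: a process creation from System32 is normal, and only becomes "executes dropped EXE" when the same trace shows the file being written first.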

MITRE ATT&CK Enterprise v15

Tasks