General

  • Target

    CrackWar.exe

  • Size

    1.1MB

  • Sample

    250110-vwyvzssrar

  • MD5

    70af5fd7c9c21dfe942dbdcea82d7742

  • SHA1

    59f6da38e354a8e8eb7d1b27d3dc069330586421

  • SHA256

    41e9eebddfdeca09dbe3e0aa1b524984f717e56646e187cfac0aafab724b7350

  • SHA512

    1780419416e9029153de19843b68f4e283d208734fad2931296f3fb6d60af728570a3eda16e0352f911b9ecf5fff75c28c6d0afc445ad06f10d15d794be9e01f

  • SSDEEP

    24576:D2G/nvxW3WOMUtrgrOszTCNs3tYch25XbAujOjh:DbA3rtsrOTs725Qd

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Dcrat family

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2
