General

  • Target

    715f3b9c490abf08c544ba284eccd6fa58aa6ee93dd810ce24000531b4ed3d76.exe

  • Size

    829KB

  • Sample

    250113-cwywwatngq

  • MD5

    4009f012c67a909b3e30c3b179db5c1c

  • SHA1

    55c96f7b89a50031058cb0764885c49967394dfb

  • SHA256

    715f3b9c490abf08c544ba284eccd6fa58aa6ee93dd810ce24000531b4ed3d76

  • SHA512

    0c18cef0b27609265de49a761f026376a6811801233b323ed30781f1018a7a1855900c8edb63e417a27cb89b4d5a04671c53ea56bf1ed904ad07825ce8a5eef6

  • SSDEEP

    12288:aGiX93/xLFsYqnIIktZs0CT2DfdGbLQ8JYL/XOaraRP3OZWw:aGit3/xLF6nlktZs0X2g/OaraF3OZWw

Score
10/10

Targets

    • Target

      715f3b9c490abf08c544ba284eccd6fa58aa6ee93dd810ce24000531b4ed3d76.exe

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Dcrat family

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE
