Overview

overview

10

Static

static

3

RecentFiler-tools.exe

windows7-x64

10

RecentFiler-tools.exe

windows10-2004-x64

10

RecentFiler-tools.exe

android-9-x86

RecentFiler-tools.exe

android-10-x64

RecentFiler-tools.exe

android-11-x64

RecentFiler-tools.exe

macos-10.15-amd64

RecentFiler-tools.exe

ubuntu-18.04-amd64

RecentFiler-tools.exe

debian-9-armhf

RecentFiler-tools.exe

debian-9-mips

RecentFiler-tools.exe

debian-9-mipsel

Resubmissions

13-01-2025 04:31

250113-e5lzsawkgv 10

12-01-2025 16:28

250112-tyzpmaslhj 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RecentFiler-tools.exe

  • Size

    3.8MB

  • Sample

    250113-e5lzsawkgv

  • MD5

    ee83fe3104070859f841afb7af5cbfff

  • SHA1

    3847b3459fca7aec48f5711bedf807a98b845808

  • SHA256

    870cd80a419c1b2b24b3cef28291bba2155ebee9a34d7e100ea822a127458069

  • SHA512

    95fa3e41197443f65dd323445fb615702af73e72e9f8b5cacda5d9eebb94bb60310a87ac4d5d3ea079f536c4dfa194dc8912ab59a968f41c836a5b2a26790ea8

  • SSDEEP

    98304:ymjQg7O4z4P0bk/WgCMZcX08aj5nOq4EniheBXX:XjQga40Mb8WgCOcX0Vj5nv4Eihy

Score
10/10
dcratandroiddiscoveryinfostealerlinuxmacosrat

Malware Config

Targets

    • Target

      RecentFiler-tools.exe

    • Size

      3.8MB

    • MD5

      ee83fe3104070859f841afb7af5cbfff

    • SHA1

      3847b3459fca7aec48f5711bedf807a98b845808

    • SHA256

      870cd80a419c1b2b24b3cef28291bba2155ebee9a34d7e100ea822a127458069

    • SHA512

      95fa3e41197443f65dd323445fb615702af73e72e9f8b5cacda5d9eebb94bb60310a87ac4d5d3ea079f536c4dfa194dc8912ab59a968f41c836a5b2a26790ea8

    • SSDEEP

      98304:ymjQg7O4z4P0bk/WgCMZcX08aj5nOq4EniheBXX:XjQga40Mb8WgCOcX0Vj5nv4Eihy

    Score
    10/10
    dcratdiscoveryinfostealerrat

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

      ratinfostealerdcrat

    • Dcrat family

      dcrat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral10behavioral2behavioral3behavioral4behavioral5behavioral6behavioral7behavioral8behavioral9

MITRE ATT&CK Enterprise v15

Tasks