Overview

overview

10

Static

static

10

d49f9a9a6f...5a.exe

windows7-x64

10

d49f9a9a6f...5a.exe

windows10-2004-x64

10

d49f9a9a6f...5a.exe

android-9-x86

d49f9a9a6f...5a.exe

android-10-x64

d49f9a9a6f...5a.exe

android-11-x64

d49f9a9a6f...5a.exe

macos-10.15-amd64

d49f9a9a6f...5a.exe

ubuntu-18.04-amd64

d49f9a9a6f...5a.exe

debian-9-armhf

d49f9a9a6f...5a.exe

debian-9-mips

d49f9a9a6f...5a.exe

debian-9-mipsel

Resubmissions

13-01-2025 04:14

250113-etqtlaxqfm 10

12-01-2025 14:01

250112-rbjc1svmhs 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d49f9a9a6f4d5c60ae2c35aafe7d105a.exe

  • Size

    4.2MB

  • Sample

    250113-etqtlaxqfm

  • MD5

    d49f9a9a6f4d5c60ae2c35aafe7d105a

  • SHA1

    8a192f01c06d2b67437c8789bdf564864d11eefc

  • SHA256

    91a5d06a6ddc1dbc0d573871082b21c0ef5d260987d760bff9b1d19966d0c32d

  • SHA512

    fc90ac8848cbc7231bbe6d1c4e974f375d5af137a157d2553e516059270748f5162c1ea51f282850d4572eef6956fc8e6e9cead1a105286c712251ff43d1a440

  • SSDEEP

    98304:hbE+vSZLE4Cj/L7gHNchtcv4zTk24eDeRRXcaiJ:hw+KL6fwscQTk24eWRXhY

Score
10/10
dcratandroiddiscoveryevasioninfostealerlinuxmacosrattrojan

Malware Config

Targets

    • Target

      d49f9a9a6f4d5c60ae2c35aafe7d105a.exe

    • Size

      4.2MB

    • MD5

      d49f9a9a6f4d5c60ae2c35aafe7d105a

    • SHA1

      8a192f01c06d2b67437c8789bdf564864d11eefc

    • SHA256

      91a5d06a6ddc1dbc0d573871082b21c0ef5d260987d760bff9b1d19966d0c32d

    • SHA512

      fc90ac8848cbc7231bbe6d1c4e974f375d5af137a157d2553e516059270748f5162c1ea51f282850d4572eef6956fc8e6e9cead1a105286c712251ff43d1a440

    • SSDEEP

      98304:hbE+vSZLE4Cj/L7gHNchtcv4zTk24eDeRRXcaiJ:hw+KL6fwscQTk24eWRXhY

    Score
    10/10
    dcratdiscoveryevasioninfostealerrattrojan

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

      ratinfostealerdcrat

    • Dcrat family

      dcrat

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • UAC bypass

      evasiontrojan

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

      rat

    • Disables Task Manager via registry modification

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral10behavioral2behavioral3behavioral4behavioral5behavioral6behavioral7behavioral8behavioral9

MITRE ATT&CK Enterprise v15

Tasks