General

  • Target

    Loader (infected).7z

  • Size

    1.1MB

  • Sample

    250113-ew2zmsxrgn

  • MD5

    fb9ba83bfe03256da98fd4dc33ffef33

  • SHA1

    597c146ceee11c8fa8dfd5268b066f2e9159dfe6

  • SHA256

    590c086f05d1e2c371e3291eda53303a4e83990f2046ae89d9e3352c7b833511

  • SHA512

    0057f9607c84322195ed91378dd96ed6f4406f6de70699b1f47d64d5124db153ed9527dff4683d0f898ef65770aae6fc956fce314d026495a283663c0868b64a

  • SSDEEP

    24576:WEnJrcDvZx7RKNMRPXbWFvNn6sazXZsqqQ8MPGahPV5N9HZp8VYC8EXWaVhP:WEnJrcDPI2tXKQXZsqqQFGahTbHZp9Ed

Score
10/10

Malware Config

Targets

    • Target

      Loader.exe

    • Size

      1.5MB

    • MD5

      154029aecb8134930418ece2437864b8

    • SHA1

      a43825d5c82e4266a37e60a746c31ab128b2a4a1

    • SHA256

      394c5bdb282b16f8fc323f01c9a0ebe0a3824c95efbc082a5ae7b1d547ab3617

    • SHA512

      2cc0dd8965fb53479fed5107ec2b8ba90ae15dbbc22f1d0d7bffc573cf049d69ce745840fdaa582060940f5be8381cfd5ecec870943d6a3ddda95c9f32a9826c

    • SSDEEP

      24576:u/R6JpYYCpuA5TwiNgFE/4vZy270wlc8cz4lc2zVg5OlyxJ:uZ6a8+DsZ5lyzIcUawly

    Score
    10/10

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, that is capable of loading additional plugins.

    • Dcrat family

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks