General

  • Target

    saysoy.exe

  • Size

    1.1MB

  • Sample

    250118-n8pdrasnfy

  • MD5

    14c9cc784c40dcf4a3292c0a76df1ea3

  • SHA1

    14b0046527957ac8efd6a2ec6f1095b24d2260c5

  • SHA256

    a5a25930819bbbec78be692ac22ac53c2c4844e1d031a9bfa5f538d48a13114e

  • SHA512

    bcdb1796566603193d481a5c6e1e2ea87d867f49f85d998e1605e196754661ac8096af81446064743fa84f9f731080bca413cc8b1440cf96490d15918efdb79b

  • SSDEEP

    24576:U2G/nvxW3Ww0t3GKOZiHjKZIOBkNz7goRALs5fkbX1rCf:UbA303WZioIOBgOs5sbl+

Malware Config

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, that is capable of loading additional plugins.

    • Dcrat family

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks