General

  • Target: StablePolaria.zip
  • Size: 15.1MB
  • Sample: 250118-ydvx6asjd1
  • MD5: e3dd9f57df59adbad3fa267be5d2805a
  • SHA1: afe07732c1d31ab25dc5df21a3bad194a141826f
  • SHA256: 369fee29d5d28b92e18c413371a74421a66ae2df72ffd1931826a2f5965b5880
  • SHA512: afd9bfa3069492dfc9017163dcb9c30bbb7537b4235a1bbc82ba61321682e2b342f0c60583ae613ec98423677484fec3e374abfd5a6c1763ad7debecb97ee85c
  • SSDEEP: 24576:i2G/nvxW3WY3h0KomE5c7JtTE/TWsO8MxL1ccccccccccccccccccccccccccccV:ibA3x3GKCuP3AMN

Malware Config

Targets

    • Target: StablePolaria/PolariaClientStable.exe
    • Size: 1.2MB
    • MD5: 93beba30961d66c4bf317a91e2ceab60
    • SHA1: 5c394cf0254b1eebb9a978556ce6d94f8fced169
    • SHA256: da55b07483858fc038855e7aa1290036419f9dadb362c510951d20385106584d
    • SHA512: 9a7ed86f099c7ab52357cc846e3d872bf4e9f33e3792e16395200e1c4cc9e0b491a94eb45430c202da50a4f2bdb23f0d7d2bcaa4aefe735996462f9789a0ae7d
    • SSDEEP: 24576:O2G/nvxW3WY3h0KomE5c7JtTE/TWsO8Mxj:ObA3x3GKCuP3AMp

    • DcRat
      DarkCrystal (DC) is a new .NET RAT, active since June 2019, that is capable of loading additional plugins.
    • Dcrat family
    • Process spawned unexpected child process
      This typically indicates that the parent process was compromised via an exploit or a macro.
    • DCRat payload
      Detects the payload of DCRat, commonly dropped by NSIS installers.
    • Checks computer location settings
      Looks up the country code configured in the registry, likely as a geofence.
    • Executes dropped EXE
    • Loads dropped DLL

    • Target: StablePolaria/dllss/BetaMode.dll
    • Size: 4.1MB
    • MD5: da6954324aa117b54b02e4b2bff42221
    • SHA1: 3709f064aa6752ccd072dd55b0c3814d56224234
    • SHA256: 75865fc995da1c28c4e302b447a9690083153098096fd678fb1123a9cd0b2c43
    • SHA512: 2c2fd12a531f116086a518d9556949c6f79739d78f7c77f403c13cfdc91597993996eadcc3559cf45156bcad67c9c4b9b95372c5d8ffc5affff9412bdcae31bf
    • SSDEEP: 24576:8cccccccccccccccccccccccccccccccccccccccccccccccccccccAccccccccV:i
    • Score: 1/10

    • Target: StablePolaria/dllss/Data.dll
    • Size: 4.1MB
    • MD5: 51dea40f3daef4fff5a07358db9efb51
    • SHA1: 35b66c8e47e5ab937477b9816129ec5f96a13c93
    • SHA256: 805df5c4ac52f3db463f0f7c44cf921fbfc85ccdab4382f89b7e06ffeeee18bd
    • SHA512: b27fed18279088fc2ec85a778a0934ded7a433c1cd372fdf997b429faa510362c02332ce63294f78b27f5d6c6d0e73ed21a3cdf6a5b24216f3caf247c1870f0d
    • SSDEEP: 24576:JBKGBKABKGBKnBKGBKnBKGBKnBKGBKnBKGBK4:X
    • Score: 1/10

    • Target: StablePolaria/dllss/PolariaWindows.dll
    • Size: 3.1MB
    • MD5: 4656cd6f442e8c6ec55fecb527fbe71e
    • SHA1: 3521a9a6939743b07d80fcdbad28b2b1c3ce0fbe
    • SHA256: 25a187ccbc65711feaadbb5ac4c6103e2f6ea5d5debb1130c8300d864fbd743f
    • SHA512: 33570aa49683950477f1a1b5da6ca0fed9fc5ef87d2b451fdc038318c4f371e12f240cf6fd411a56a6582531dc6815048e21682cecdd85b7b4a6b56d984613d4
    • SSDEEP: 1536:o1TTTTTTTTTTTTTTTTTTTTTr1TTTTTTTTTTTTTTTTTTTTTTG1TTTTTTTTTTTTTTg:2
    • Score: 1/10

MITRE ATT&CK Enterprise v15

Tasks