General

  • Target: Proverka.rar
  • Size: 909KB
  • Sample: 250119-r8194asjgw
  • MD5: be52318896407c65457eebe7c142dd30
  • SHA1: 34e7dacdc21fd82ccab125fca470524db40a49f5
  • SHA256: 4bbe552636afb81ca47cd3a979635231602266932e4c40a75beb01fa7b6556fd
  • SHA512: e1f3acfe2fd09d93b14617ffcd8d3806ce858a5ae3c7f4da313fc92acd62977594fd28fb78fbc141d808b21f448588f71792b609ec5ee60937fb6d1090d410a6
  • SSDEEP: 12288:lBbbNiWwr9MLbzXJESmA4KBepOiEweWy7CIhl2Bp3kLLndRyWpIq0CmlFbpE+IyG:lRvb7XJx4KBe8wel9X2P3kHSWKVZNIam

Malware Config

Targets

    • Target: Proverka by Hiki.exe
    • Size: 1.5MB
    • MD5: c421510c6a46fcf9b10c90672df57670
    • SHA1: 8bd03e0a5c08e1bdce3c89c5cff0c251010f6371
    • SHA256: c15015876eb1710d01b4b3e624c08018c8d5c01d005b9a483be5edb17aaa709e
    • SHA512: 713bef3c610971b6b3d61ed492b93376fb2932acc328857d5558bdea519f6bebd386ed67744daa3a5d7f0ce635d9dcfb65930b902e6058855c721d165df16b11
    • SSDEEP: 24576:U2G/nvxW3Ww0tk1HW292457Vudtb6tphnwTlD7jL79usS68sRclBkfKWVedo:UbA30k12w5Dbh+lu08LIKWH

    • DcRat

      DarkCrystal (DC) is a .NET RAT active since June 2019 that can load additional plugins.

    • Dcrat family

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects the DCRat payload, which is commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15
