Overview

overview

10

Static

static

10

2c1c922224...72.exe

windows7-x64

10

2c1c922224...72.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2c1c9222242148483befec88bb981d11b1736abe489f0005bd3a3d921329b772.exe

  • Size

    315KB

  • Sample

    250120-cmmr9awmb1

  • MD5

    ec9c92645e4178fda49d0a3aecd70b39

  • SHA1

    ec0c8e353318c041da25c11c4d9cc593519137d8

  • SHA256

    2c1c9222242148483befec88bb981d11b1736abe489f0005bd3a3d921329b772

  • SHA512

    d96c7dfba3094507bd4e9d4ee23ae08c221f011131b2ba7ffa3b97edc0934e4056ebdb6623171bc9b52d77ddd9e34e265ea953cd1547b3c83703aece766c9a8f

  • SSDEEP

    6144:2dsy2oo7KrfynB80ZhrabrFyA/5Txe0M/Lmld4pQdxTbkr9u:2P2N7KKS0ZXA/HF06dx8Z

Score
10/10
dcratinfostealerrat

Malware Config

Targets

    • Target

      2c1c9222242148483befec88bb981d11b1736abe489f0005bd3a3d921329b772.exe

    • Size

      315KB

    • MD5

      ec9c92645e4178fda49d0a3aecd70b39

    • SHA1

      ec0c8e353318c041da25c11c4d9cc593519137d8

    • SHA256

      2c1c9222242148483befec88bb981d11b1736abe489f0005bd3a3d921329b772

    • SHA512

      d96c7dfba3094507bd4e9d4ee23ae08c221f011131b2ba7ffa3b97edc0934e4056ebdb6623171bc9b52d77ddd9e34e265ea953cd1547b3c83703aece766c9a8f

    • SSDEEP

      6144:2dsy2oo7KrfynB80ZhrabrFyA/5Txe0M/Lmld4pQdxTbkr9u:2P2N7KKS0ZXA/HF06dx8Z

    Score
    10/10
    dcratinfostealerrat

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

      ratinfostealerdcrat

    • Dcrat family

      dcrat

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks