Overview

overview

10

Static

static

10

9a5b5447b6...2N.exe

windows7-x64

10

9a5b5447b6...2N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9a5b5447b67c7f165689b1e1c5f65f92663425b527aacc4d9ec73e66d29e2692N.exe

  • Size

    1.1MB

  • Sample

    250121-d4f7gavjay

  • MD5

    d2f57cf55387c9146158f49dbcf5b540

  • SHA1

    57fb9892bdf6362073eb3cb1452a291568b49e23

  • SHA256

    9a5b5447b67c7f165689b1e1c5f65f92663425b527aacc4d9ec73e66d29e2692

  • SHA512

    5d2da7dcbe87ceee345b95d99fc47a209a5621c88483fdb3484493f75fe0e8cc5802703dcd44e068a83738401b7e6a8edaeef7b098a804ae4989ccfb2ef4f78e

  • SSDEEP

    24576:U2G/nvxW3Ww0tI2qYVrBvevwx8P9brkuXq:UbA30I2TvkPOf

Score
10/10
dcratdiscoveryinfostealerrat

Malware Config

Targets

    • Target

      9a5b5447b67c7f165689b1e1c5f65f92663425b527aacc4d9ec73e66d29e2692N.exe

    • Size

      1.1MB

    • MD5

      d2f57cf55387c9146158f49dbcf5b540

    • SHA1

      57fb9892bdf6362073eb3cb1452a291568b49e23

    • SHA256

      9a5b5447b67c7f165689b1e1c5f65f92663425b527aacc4d9ec73e66d29e2692

    • SHA512

      5d2da7dcbe87ceee345b95d99fc47a209a5621c88483fdb3484493f75fe0e8cc5802703dcd44e068a83738401b7e6a8edaeef7b098a804ae4989ccfb2ef4f78e

    • SSDEEP

      24576:U2G/nvxW3Ww0tI2qYVrBvevwx8P9brkuXq:UbA30I2TvkPOf

    Score
    10/10
    dcratdiscoveryinfostealerrat

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

      ratinfostealerdcrat

    • Dcrat family

      dcrat

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks