Overview

overview

10

Static

static

10

eb70291aeb...9N.exe

windows7-x64

10

eb70291aeb...9N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    eb70291aebfca69fae386dfcdc209c8f9b36e135e882088c890c46308fa6df69N.exe

  • Size

    2.7MB

  • Sample

    250122-g935zasqct

  • MD5

    9ce973d39537cd129e27ab0ed843c920

  • SHA1

    a0fce68a43511da1cbd63600b8e824cf684d9617

  • SHA256

    eb70291aebfca69fae386dfcdc209c8f9b36e135e882088c890c46308fa6df69

  • SHA512

    20dbb88bc9d5862ede036633a8e3937f47e49321872f78706d1b5881071167ab75c08da10c9a8e03a5d747f233ff97c2b0cb8e572297c309cc1497658030f404

  • SSDEEP

    24576:2TbBv5rUyXVnI++nluNY4Cw7sULqPyZwSxIshnWIjm7vZAjX+ez87TkQPI1Q7SGS:IBJI++n8NY+lwSx9WkiLekTk1JMrs

Score
10/10
dcratdiscoveryinfostealerrat

Malware Config

Targets

    • Target

      eb70291aebfca69fae386dfcdc209c8f9b36e135e882088c890c46308fa6df69N.exe

    • Size

      2.7MB

    • MD5

      9ce973d39537cd129e27ab0ed843c920

    • SHA1

      a0fce68a43511da1cbd63600b8e824cf684d9617

    • SHA256

      eb70291aebfca69fae386dfcdc209c8f9b36e135e882088c890c46308fa6df69

    • SHA512

      20dbb88bc9d5862ede036633a8e3937f47e49321872f78706d1b5881071167ab75c08da10c9a8e03a5d747f233ff97c2b0cb8e572297c309cc1497658030f404

    • SSDEEP

      24576:2TbBv5rUyXVnI++nluNY4Cw7sULqPyZwSxIshnWIjm7vZAjX+ez87TkQPI1Q7SGS:IBJI++n8NY+lwSx9WkiLekTk1JMrs

    Score
    10/10
    dcratdiscoveryinfostealerrat

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

      ratinfostealerdcrat

    • Dcrat family

      dcrat

    • DCRat payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks