General

  • Target

    Source Leak.zip

  • Size

    39.6MB

  • Sample

    250125-xglcfswlgz

  • MD5

    e64b8344b70fecd613395cdf888698ae

  • SHA1

    543c6c5297febf627a28be183adfb500012bb00a

  • SHA256

    b878bfc5791ec1039c16b2e81e465fe511e04619f1952f1b34c4d5a28d3eb60d

  • SHA512

    3b65d816dbd64aeef3d8627c6b22239adfd21a91bbfa327d76e48057d0a8503cda0bf9dd946ddaab389f5d078f68292970c0447c0dd1c3c9ab0fafad50e7bfff

  • SSDEEP

    786432:Q8f8EgLU6Dc11xD8ZEs69KZZg2pK0BWvcErSde6No8Xpt:Q8EEggPBW8AgeKagcmSrNF

Targets

    • Target

      Source Leak.zip

    • Size

      39.6MB

    • MD5

      e64b8344b70fecd613395cdf888698ae

    • SHA1

      543c6c5297febf627a28be183adfb500012bb00a

    • SHA256

      b878bfc5791ec1039c16b2e81e465fe511e04619f1952f1b34c4d5a28d3eb60d

    • SHA512

      3b65d816dbd64aeef3d8627c6b22239adfd21a91bbfa327d76e48057d0a8503cda0bf9dd946ddaab389f5d078f68292970c0447c0dd1c3c9ab0fafad50e7bfff

    • SSDEEP

      786432:Q8f8EgLU6Dc11xD8ZEs69KZZg2pK0BWvcErSde6No8Xpt:Q8EEggPBW8AgeKagcmSrNF

    • DcRat

      DarkCrystal (DC) is a .NET remote access trojan, active since June 2019, that can load additional plugins.

    • Dcrat family

    • Process spawned unexpected child process

      This typically indicates that the parent process was compromised via an exploit or a document macro.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution.

    • Executes dropped EXE

    • Target

      Source Leak/FortniteExternalBase/util/loadup.hpp

    • Size

      7KB

    • MD5

      a0f66b0a76db9a2faedfc8aa94601a25

    • SHA1

      5a8838b0757be592c61a2e2860336eea7e79ff56

    • SHA256

      6db0aea5b2d57418c257610ea5ceaa80e7744fafaf0319cba3bc79bb3100a3cb

    • SHA512

      9e4fa89c72a54e6522597b8262792355165c098446a25f9d257d2a5be901536478eeb2370415e21f4cff272f8e8cc58b138f9403c92c7df1bb86cf38643ab95d

    • SSDEEP

      96:XRKQHhzoxEM8z/9vGna6E66Mm3BXx6538x6p3Rx6j34f6Tn+gIXU1L3lwwen+I76:oQHlUEXYyxMscBkYw1LbEgIUGzA

    Score
    3/10
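The behavioural signatures listed for the first target, re-implemented as an added example over constructed endpoint telemetry. This is not the sandbox's own rule code and not part of the report: the event schema, the list of document handlers that should not spawn executables, the registry values treated as a country lookup (the GeoID `Geo\Nation` and `sCountry` values under `HKCU\Control Panel\International`), and every event in `SAMPLE_EVENTS` are assumptions made for the illustration. The only values taken from the page are the two SHA256 digests, which the example uses to flag a written file that matches a report target.

```python
import hashlib
from collections import defaultdict

# SHA256 digests copied from the two targets in the report above.
REPORT_SHA256 = {
    "b878bfc5791ec1039c16b2e81e465fe511e04619f1952f1b34c4d5a28d3eb60d":
        "Source Leak.zip",
    "6db0aea5b2d57418c257610ea5ceaa80e7744fafaf0319cba3bc79bb3100a3cb":
        "Source Leak/FortniteExternalBase/util/loadup.hpp",
}

# Assumed lists (not from the report): document handlers that should not launch
# arbitrary executables, and the few children they legitimately spawn.
SENSITIVE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "acrord32.exe"}
EXPECTED_CHILDREN = {"splwow64.exe", "werfault.exe"}

# Assumed registry values a sample reads to learn the configured country.
GEO_VALUES = {
    r"hkcu\control panel\international\geo\nation",
    r"hkcu\control panel\international\scountry",
}


def basename(path: str) -> str:
    """Lower-case file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def report_match(data: bytes):
    """Return the report target whose SHA256 equals sha256(data), else None."""
    return REPORT_SHA256.get(hashlib.sha256(data).hexdigest())


def triage(events):
    """Replay process/file/network/registry events; return {signature: [pids]}."""
    hits = defaultdict(list)
    image_of = {}   # pid -> image path, used for parent lookups
    dropped = {}    # lower-case path -> pid that wrote an MZ file there

    for ev in events:
        pid, kind = ev["pid"], ev["type"]
        if kind == "process":
            image_of[pid] = ev["image"]
            parent = basename(image_of.get(ev["ppid"], ""))
            child = basename(ev["image"])
            if parent in SENSITIVE_PARENTS and child not in EXPECTED_CHILDREN:
                hits["Process spawned unexpected child process"].append(pid)
            if ev["image"].lower() in dropped:
                hits["Executes dropped EXE"].append(pid)
        elif kind == "file_create":
            if report_match(ev["data"]):
                hits["Writes file listed in report"].append(pid)
            if ev["data"][:2] == b"MZ":          # PE header magic
                dropped[ev["path"].lower()] = pid
        elif kind == "http_response":
            if ev["body"][:2] == b"MZ":          # executable served over HTTP
                hits["Downloads MZ/PE file"].append(pid)
        elif kind == "registry_read":
            if ev["value"].lower() in GEO_VALUES:
                hits["Checks computer location settings"].append(pid)
    return dict(hits)


# Constructed telemetry (not from the sandbox run): a macro-launched loader that
# fetches a PE, drops it, reads the GeoID, then runs the dropped file.
PE_STUB = b"MZ\x90\x00\x03\x00" + b"\x00" * 58
SAMPLE_EVENTS = [
    {"type": "process", "pid": 4, "ppid": 0, "image": r"C:\Windows\explorer.exe"},
    {"type": "process", "pid": 100, "ppid": 4, "image": r"C:\Program Files\Microsoft Office\WINWORD.EXE"},
    {"type": "process", "pid": 200, "ppid": 100, "image": r"C:\Users\u\AppData\Local\Temp\stage1.exe"},
    {"type": "http_response", "pid": 200, "body": PE_STUB},
    {"type": "file_create", "pid": 200, "path": r"C:\Users\u\AppData\Roaming\svc.exe", "data": PE_STUB},
    {"type": "registry_read", "pid": 200, "value": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "process", "pid": 300, "ppid": 200, "image": r"C:\Users\u\AppData\Roaming\svc.exe"},
]

if __name__ == "__main__":
    for sig, pids in triage(SAMPLE_EVENTS).items():
        print(f"{sig}: pids {pids}")
```

Run against the constructed events, the four behavioural signatures from the report fire on the loader (pid 200) and on the dropped binary it launches (pid 300); the hash check stays silent because nothing in the constructed data reproduces a report target.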

MITRE ATT&CK Enterprise v15
