Overview

overview

10

Static

static

10

2abf0a4306...18.exe

windows7-x64

10

2abf0a4306...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2abf0a43060822d9de4bbdf47ce86f18.exe

  • Size

    1.3MB

  • Sample

    250126-ccmz9szjgp

  • MD5

    2abf0a43060822d9de4bbdf47ce86f18

  • SHA1

    6cf607aad69b621bc6588554a829f43356dd1982

  • SHA256

    319781e3769beba7c2ea7960fd3bb69085bf49212e6f94195b90e9d61aa777c2

  • SHA512

    ed680a510607e89207960dff940e9e1b094c8d2dacdc71a9d530f5c2dc13ea01e6b197c2b3c563a181f29e61ac480694367364161d2607daa3b39bad8154c59c

  • SSDEEP

    24576:6eQUdeXNZK2iMWaKJLOXXSI1hJXET8ynWbnOuO9MWHjVUcmo:6e2S1JCp1zoxWyuO9HDu

Score
10/10
dcratinfostealerrat

Malware Config

Targets

    • Target

      2abf0a43060822d9de4bbdf47ce86f18.exe

    • Size

      1.3MB

    • MD5

      2abf0a43060822d9de4bbdf47ce86f18

    • SHA1

      6cf607aad69b621bc6588554a829f43356dd1982

    • SHA256

      319781e3769beba7c2ea7960fd3bb69085bf49212e6f94195b90e9d61aa777c2

    • SHA512

      ed680a510607e89207960dff940e9e1b094c8d2dacdc71a9d530f5c2dc13ea01e6b197c2b3c563a181f29e61ac480694367364161d2607daa3b39bad8154c59c

    • SSDEEP

      24576:6eQUdeXNZK2iMWaKJLOXXSI1hJXET8ynWbnOuO9MWHjVUcmo:6e2S1JCp1zoxWyuO9HDu

    Score
    10/10
    dcratinfostealerrat

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

      ratinfostealerdcrat

    • Dcrat family

      dcrat

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks