Overview

overview

10

Static

static

10

a551897ab4...ae.exe

windows7-x64

10

a551897ab4...ae.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a551897ab412f068fb7f78168d68d4ae.exe

  • Size

    1.3MB

  • Sample

    250126-n876vsskfm

  • MD5

    a551897ab412f068fb7f78168d68d4ae

  • SHA1

    6809074746c56f07925481c3f3c7b8450f4ac511

  • SHA256

    638993233ac930a66dd7b5cb27ce295330bd4b3442db9a4f0141e98865006e0f

  • SHA512

    253231478488a18d8c3df329d4c4957ba0cfda958be05a89cb3bbd3e975c57ba7b9ee95ceb7daf95acecf12c0683e1e54e407fe785fb62aa01522e73cbb91262

  • SSDEEP

    24576:YdP7B7BXpVpNIt/gcf3xABGJ2ypvVP07DgWpw5TIsmI0zhfbriSx2:YdP7543vVc7Dg0UTIrhfb+S

Score
10/10
dcratinfostealerrat

Malware Config

Targets

    • Target

      a551897ab412f068fb7f78168d68d4ae.exe

    • Size

      1.3MB

    • MD5

      a551897ab412f068fb7f78168d68d4ae

    • SHA1

      6809074746c56f07925481c3f3c7b8450f4ac511

    • SHA256

      638993233ac930a66dd7b5cb27ce295330bd4b3442db9a4f0141e98865006e0f

    • SHA512

      253231478488a18d8c3df329d4c4957ba0cfda958be05a89cb3bbd3e975c57ba7b9ee95ceb7daf95acecf12c0683e1e54e407fe785fb62aa01522e73cbb91262

    • SSDEEP

      24576:YdP7B7BXpVpNIt/gcf3xABGJ2ypvVP07DgWpw5TIsmI0zhfbriSx2:YdP7543vVc7Dg0UTIrhfb+S

    Score
    10/10
    dcratinfostealerrat

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

      ratinfostealerdcrat

    • Dcrat family

      dcrat

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks