General

  • Target

    b8ec608361912ca3c3eee53a31d482a3.exe

  • Size

    1.9MB

  • Sample

    250129-k5la5stmh1

  • MD5

    b8ec608361912ca3c3eee53a31d482a3

  • SHA1

    1c48c9d1e58f98fb778bebe88950350e12705070

  • SHA256

    d7b59ed6536dbccd08c10abf5c2064babac20666844909cf1fa94ce9159eb454

  • SHA512

    442b548d094852b95695eca27f2a2e26acbb71b85a45ce8c17a192a10506076f7bb88216ab38790218e403b4305b84572b33de826623cf68a9a65abc87287bf6

  • SSDEEP

    24576:MYAO3n8MjQTrnPQt62BYDA4yaOBGz62J8KROioT8t/ksGKQhum8dCVrHECa0WOID:MYrn7bT4yaOBu8KRON6JGKU7WOL

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Dcrat family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Drops file in System32 directory
