General

  • Target

    HORNETrat_launcher.rar

  • Size

    2.3MB

  • Sample

    250131-dcsq7azkhq

  • MD5

    776114b72b7c339849cbf07f832bd89e

  • SHA1

    4c03288ef3f0b22a5dbef1aaae1fdc7b54112d7d

  • SHA256

    a239175d724d2caf4b4de497e819e32c8575fc1f93ddfbc7ec510cbc63b6bbac

  • SHA512

    d24271e877d3a72fa7d6724fe38bbb5bad77efb5eed2ee484fa4b12774de4649463f335505260fde95388fc54e6d232ea6b46a35b04d097db9f7e24b4428c90b

  • SSDEEP

    49152:iM8yBzoWDoF6Cl/BzH9S0AWVqURg+DyWeu70+ZUIQxeb6GRrwDR:98mzorZzHs0AWVqsD770+78bt

Targets

    • Target

      HORNETrat_launcher.com

    • Size

      2.9MB

    • MD5

      f07b8eea2d8c8ee368b680254ad0fee5

    • SHA1

      1c75b5bcabedf0e31c76df0ff6ee23ab389bae3b

    • SHA256

      34947ad997759cb6aaf571df44c0996dae57e04cf4510ef4136b8b7ca16eea4e

    • SHA512

      9c01412cb8aa51419f74f8b614f88383f41ce2e2698b373b7d59519d23b875e0660b6fe4a947afa0b79878223afacb8cb8b8a3164b0a44d20f8f58521ff9d21e

    • SSDEEP

      49152:BB3kRVwF/UHWZU5qfD330oa5EL0h81IC4XA4QKa1lWpdh:L0ReSS05G281ICX4QKa1lWpdh

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Dcrat family

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
