General

  • Target

    AVX.exe

  • Size

    15.5MB

  • Sample

    250201-pvn2havjfm

  • MD5

    71bd1549343b45aaa834d5080b9ffa16

  • SHA1

    1b6b8fdf46eb77985871783693293f2d82f3cb18

  • SHA256

    38b5e6da055c6acce5b291cb52cca7a36678b8653d27e8cddda58b0bbdb3c13b

  • SHA512

    121eb8313a600014c12cb77035dd0be31dc94affa4c398fb58d83fa6025da52e4fc8f9160e6df4c2cfc81ccc71b15f8ca8d5235072e979b70d95fba90643d99e

  • SSDEEP

    49152:IBJWHaVVpc2dK3NmRu8X+6C4SqQ1rD+5/aaRBTCUqengzgFeKaHt0:yIT2doN2u8zC4Sv1rY/d/Fqengzg1aN0

Targets

    • Target

      AVX.exe

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Dcrat family

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE
