General

  • Target

    w.exe

  • Size

    1.1MB

  • Sample

    250201-rd8qpaxldm

  • MD5

    916e7e11eec1f7550312e6dad79a3027

  • SHA1

    bef635ab11898cdd33a7cac9cb48a687cc58eb3e

  • SHA256

    a5e738fd413ce1211c133c3563559318758d22357276470d2904b262572097a5

  • SHA512

    a1f48f697c204e0e5a87955d8d8c90c874ce7cb5e5fee218c471f89b87e2e6c6049136bf64e0cc4a44f16b98a0ab5f38351fa36e6977b92a3677a898659ef1aa

  • SSDEEP

    24576:U2G/nvxW3Ww0tcWnxxx2mUO9OmCOBYQigDKWML:UbA30c2xvKCRS

Malware Config

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, that is capable of loading additional plugins.

    • Dcrat family

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects the DCRat payload, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks