Overview

overview

10

Static

static

7

FatalityCr...ng.dll

windows7-x64

1

FatalityCr...ng.dll

windows10-2004-x64

1

FatalityCr....3.dll

windows7-x64

1

FatalityCr....3.dll

windows10-2004-x64

1

FatalityCr...ty.exe

windows7-x64

10

FatalityCr...ty.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    FatalityCrack.rar

  • Size

    5.2MB

  • Sample

    250206-kdv19s1php

  • MD5

    b77dc498ed6f44f61ece97fdb80111ce

  • SHA1

    3bb9c1624119a593e26011af95550879318b5ca0

  • SHA256

    691fc2c5c9b9effa163ffbd49bc9a8be1df6b0e6f8a792bedd4e418da3124d84

  • SHA512

    d6eb30d15ee16a48778ec7cabd43b2a64131d1d5227766effab7b4df2b4b6049be0d296ba10ba6e5ff62568b25e4720f6f01965ceef545141711102759c03283

  • SSDEEP

    98304:xi6h7ncSYv4+CSBI+PGfTh/MrOSoegHy4ror0Low9q8PQk/9sZbSEkTYQ49iY/e:oOnct9C8IIqThqOsQy4krNw9q8bAWTYc

Score
10/10
dcratagilenetdefense_evasiondiscoveryinfostealerrattrojan

Malware Config

Targets

    • Target

      FatalityCrack/Bunifu.Licensing.dll

    • Size

      1.3MB

    • MD5

      2b2740e0c34a46de31cf9da8a75d77cf

    • SHA1

      242324f1112e6387cda41686291b6e9a415eeb8c

    • SHA256

      a9be91cae167702885a5ca74273db779e3e391e2e604cc03779ed403c53ebe43

    • SHA512

      605eb300b159e6ed2ee872b6ee378eed7dde6541000221fcd94d52057be91cb3c7dd65c7203f05e0718303b157b6fb941498b5e653501f97f0417d459da6bc40

    • SSDEEP

      24576:ebkurkdR5uuMeiPUf2lHmdpjrcbYdwcqMw5LTvBrq/WGs1xGUfGUCco:a1roD9MeiUDDjrW4bqD5LDBrqWG0GUfX

    Score
    1/10
    behavioral1behavioral2

    • Target

      FatalityCrack/Bunifu.UI.WinForms.1.5.3.dll

    • Size

      342KB

    • MD5

      41c216d27c71a227774e680e95e99f31

    • SHA1

      0a2a93d4ecbf4bbec2faf110066c6b4472b0dbf5

    • SHA256

      012d717b4ac00c3686a772757f49c1908e223624e3974314cdb9fc9291073305

    • SHA512

      e355ba11e41b668e4459f709e87c3e212c8986ea894791d9155791ea9d7315372fb51531eb69204ed2ee38e242de7629e4a2f090c05bf9deeea9ea965ffaf651

    • SSDEEP

      6144:3e5XJsDZGUbIf5kqw23B1Q8g2iYcHIc6uWXMIFidNw:qMZGUbIf5T37Q8ncHNAMhNw

    Score
    1/10
    behavioral3behavioral4

    • Target

      FatalityCrack/Fatality.exe

    • Size

      4.0MB

    • MD5

      fbd12d4ed9c24c092a1690cc37724957

    • SHA1

      9d8709497378bb43d7d77d74b4919a36c01c895a

    • SHA256

      27e56c30c96f880010fb2ec6151ca1176c7292541050ce3f2158b38e82f9f46c

    • SHA512

      829c07f37b99c563065ce84b1a0d721ac93e1b2092d358c297a001c163cd278f43d4f21661dbe7001ecba9841079ba66b57229041dc0698a9a28975ca7c5c2a0

    • SSDEEP

      98304:hBaYSF0HWypBty+P/AGcGFvK/NWIpskZHDRgx3iS:hB/Hhp6CK/Nv5kyS

    Score
    10/10
    dcratdefense_evasiondiscoveryinfostealerrattrojan

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

      ratinfostealerdcrat

    • Dcrat family

      dcrat

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • UAC bypass

      defense_evasiontrojan

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks whether UAC is enabled

      defense_evasiontrojan

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks