General

  • Target

    0215f663fdd517dfaf504dde88033d11.exe

  • Size

    2.6MB

  • Sample

    250208-3hvkeaxpgt

  • MD5

    0215f663fdd517dfaf504dde88033d11

  • SHA1

    0ded73fec09ecb866568a5d3cf4bd442b0d8d554

  • SHA256

    a51d05aad64836fbca131477091f1a0ad80d1759387af35adc3861f9e0ac96cf

  • SHA512

    a308332b346bcc91f105bcea3df2e811f3429425ec1675fdbc05ede95c2faba173f47404746ea3a8ec690e9c8ebf2a53fc2f748a4d58e9c448f9be3f35edab5d

  • SSDEEP

    49152:UbA305FwUvjxmrQaS68AOKauPwpisvLwl0SnW+7dzz:UbP5xmqADFgisvkl0SnWi1z

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Dcrat family

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
