Overview

overview

10

Static

static

10

7c967ba56e...f9.exe

windows7-x64

10

7c967ba56e...f9.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7c967ba56e075c2e3b7c00f241174af9.exe

  • Size

    828KB

  • Sample

    250208-3yl8zaznak

  • MD5

    7c967ba56e075c2e3b7c00f241174af9

  • SHA1

    02b5a1faf356d26d5a2e8bf3a9bad60d9d58a481

  • SHA256

    bf535e7a5785a1986e37eb8b8aea34917fbc3b325477a9b2282a69ce2c7886fc

  • SHA512

    ac3100408fff39ee6439bdb26989babbae63a66f0282d221e45f2f71e20dee047c2e71320937f49e1856aa8b44a76b918ea21062676d8e7272a622a5850f933f

  • SSDEEP

    12288:DP7E9MKvhdF3pJCh2jyiNInfPPCB51Po5Wo4pkLzCJZnzeZDaS:DPgMKvh4ianfPPa7nkH8Zn6ZR

Score
10/10
dcratdiscoveryinfostealerrat

Malware Config

Targets

    • Target

      7c967ba56e075c2e3b7c00f241174af9.exe

    • Size

      828KB

    • MD5

      7c967ba56e075c2e3b7c00f241174af9

    • SHA1

      02b5a1faf356d26d5a2e8bf3a9bad60d9d58a481

    • SHA256

      bf535e7a5785a1986e37eb8b8aea34917fbc3b325477a9b2282a69ce2c7886fc

    • SHA512

      ac3100408fff39ee6439bdb26989babbae63a66f0282d221e45f2f71e20dee047c2e71320937f49e1856aa8b44a76b918ea21062676d8e7272a622a5850f933f

    • SSDEEP

      12288:DP7E9MKvhdF3pJCh2jyiNInfPPCB51Po5Wo4pkLzCJZnzeZDaS:DPgMKvh4ianfPPa7nkH8Zn6ZR

    Score
    10/10
    dcratinfostealerratdiscovery

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

      ratinfostealerdcrat

    • Dcrat family

      dcrat

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

      rat

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks