Extracted

Extracted

• • Target

    https://download.oxy.cloud/d/bchi/2/858f276bb0052113f612791ea5f59928

  Score

  10^/10

  dcratgurcuphemedroneumbralcredential_accessdefense_evasiondiscoveryinfostealerpersistenceratspywarestealer

  • DcRat

    DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    ratinfostealerdcrat

  • Dcrat family

    dcrat

  • Detect Umbral payload

  • Gurcu family

    gurcu

  • Gurcu, WhiteSnake

    Gurcu aka WhiteSnake is a malware stealer written in C#.

    stealergurcu

  • Phemedrone

    An information and wallet stealer written in C#.

    stealerphemedrone

  • Phemedrone family

    phemedrone

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Umbral

    Umbral stealer is an opensource moduler stealer written in C#.

    stealerumbral

  • Umbral family

    umbral

  • DCRat payload

    Detects payload of DCRat, commonly dropped by NSIS installers.

    rat

  • Uses browser remote debugging

    Can be used control the browser and steal sensitive information such as credentials and session cookies.

    credential_accessstealer

  • Executes dropped EXE

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Modifies WinLogon

    persistence
  behavioral1