Overview

overview

10

Static

static

10

Providerho...ed.exe

windows10-2004-x64

10

Providerho...ed.exe

windows10-ltsc_2021-x64

10

Providerho...ed.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Providerhost_Slayed.exe

  • Size

    5.8MB

  • Sample

    250328-z7wl8atjy9

  • MD5

    263d0b6713e330af2c42a39ff1418807

  • SHA1

    ee6132238748ec57cd8e8d6c0521570be1866149

  • SHA256

    7ffaa6141811c066f72560675b8df9ca32e8a28431489e9fe9dd479c1004fa59

  • SHA512

    66a5b7d6bcc4426c6f188c8d1312d5257a62fd0b098dcc5fa72e1e8cf1d7f5be3e0263ec2faefefa97228ef634228968db22dd8e1dfe1f0a70a6d4bf7d26521d

  • SSDEEP

    98304:JP7kzuZ1cBGWwT/gIM7aNcYkJ+lTEYHerN79G9yhPH:JzdcBVWC7gc0lrHerfG9QP

Score
10/10
dcratdiscoveryinfostealerrat

Malware Config

Targets

    • Target

      Providerhost_Slayed.exe

    • Size

      5.8MB

    • MD5

      263d0b6713e330af2c42a39ff1418807

    • SHA1

      ee6132238748ec57cd8e8d6c0521570be1866149

    • SHA256

      7ffaa6141811c066f72560675b8df9ca32e8a28431489e9fe9dd479c1004fa59

    • SHA512

      66a5b7d6bcc4426c6f188c8d1312d5257a62fd0b098dcc5fa72e1e8cf1d7f5be3e0263ec2faefefa97228ef634228968db22dd8e1dfe1f0a70a6d4bf7d26521d

    • SSDEEP

      98304:JP7kzuZ1cBGWwT/gIM7aNcYkJ+lTEYHerN79G9yhPH:JzdcBVWC7gc0lrHerfG9QP

    Score
    10/10
    dcratdiscoveryinfostealerrat

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

      ratinfostealerdcrat

    • Dcrat family

      dcrat

    • DCRat payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v15

Tasks