Overview

overview

10

Static

static

10

8fc9056ebe...86.exe

windows7-x64

10

8fc9056ebe...86.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8fc9056ebee5adcd70c3d96e53885fcb355030869137a6f1977a463759f15d86.exe

  • Size

    1.5MB

  • Sample

    240630-bplgja1fjf

  • MD5

    508012932c4ae48ea55fd9878cbc6fea

  • SHA1

    393f567d52f89502801e26bf7d27a603b12c5f89

  • SHA256

    8fc9056ebee5adcd70c3d96e53885fcb355030869137a6f1977a463759f15d86

  • SHA512

    3c7f87203d818491f6d1d3c88caed2705ee5b2c369374615b4c732894184dcc61b7770818d3c5a4a6b120e594ec21e48ce5c4bcd5fb2f2d814313fb0454a3e35

  • SSDEEP

    24576:u2G/nvxW3WieCVHIfa4YPdvEo074Zxgzv4AkDKiK0AtSSIb3gqAIjO:ubA3jRIi4noPhUi/Atbc3il

Score
10/10
dcratinfostealerrat

Malware Config

Targets

    • Target

      8fc9056ebee5adcd70c3d96e53885fcb355030869137a6f1977a463759f15d86.exe

    • Size

      1.5MB

    • MD5

      508012932c4ae48ea55fd9878cbc6fea

    • SHA1

      393f567d52f89502801e26bf7d27a603b12c5f89

    • SHA256

      8fc9056ebee5adcd70c3d96e53885fcb355030869137a6f1977a463759f15d86

    • SHA512

      3c7f87203d818491f6d1d3c88caed2705ee5b2c369374615b4c732894184dcc61b7770818d3c5a4a6b120e594ec21e48ce5c4bcd5fb2f2d814313fb0454a3e35

    • SSDEEP

      24576:u2G/nvxW3WieCVHIfa4YPdvEo074Zxgzv4AkDKiK0AtSSIb3gqAIjO:ubA3jRIi4noPhUi/Atbc3il

    Score
    10/10
    dcratinfostealerrat

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

      ratinfostealerdcrat

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Persistence

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Privilege Escalation

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks