Overview

overview

10

Static

static

3

roblox cheat.exe

windows7-x64

roblox cheat.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    roblox cheat.exe

  • Size

    13.3MB

  • Sample

    240630-m9sl5azenm

  • MD5

    8a7152ffede480f64cc5eabc42d2b363

  • SHA1

    e5bc1f7e950197834be927bd889545a516a766f6

  • SHA256

    e55dc8cbe7a1c924ad0dc323608dee0bed109ac7b7498fa7f47566ad9640126f

  • SHA512

    9d2fd8bbebc01d2acfe6e47b85a18ce39efd00cfefa1af062d58c56c24ad2c81164a9a7761dcbe39a9df36eda08652ec2f0328ed76ddc426a7941969a289fa5d

  • SSDEEP

    196608:ZqwxqxWqsDrnZS3ZuGDMYpCbj8ZVQqJHZbLgVDmFG5fxljAsO8bzuw5G0GIlyVuW:8yw3oGJpCvQbdUmFQljtGfIgkPySP6J

Score
10/10
dcratinfostealerrat

Malware Config

Targets

    • Target

      roblox cheat.exe

    • Size

      13.3MB

    • MD5

      8a7152ffede480f64cc5eabc42d2b363

    • SHA1

      e5bc1f7e950197834be927bd889545a516a766f6

    • SHA256

      e55dc8cbe7a1c924ad0dc323608dee0bed109ac7b7498fa7f47566ad9640126f

    • SHA512

      9d2fd8bbebc01d2acfe6e47b85a18ce39efd00cfefa1af062d58c56c24ad2c81164a9a7761dcbe39a9df36eda08652ec2f0328ed76ddc426a7941969a289fa5d

    • SSDEEP

      196608:ZqwxqxWqsDrnZS3ZuGDMYpCbj8ZVQqJHZbLgVDmFG5fxljAsO8bzuw5G0GIlyVuW:8yw3oGJpCvQbdUmFQljtGfIgkPySP6J

    Score
    10/10
    dcratinfostealerrat

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

      ratinfostealerdcrat

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks