General

  • Target

    malware.exe

  • Size

    1.9MB

  • Sample

    240701-a78t4sthpj

  • MD5

    4825e7df93d8acb3dd236cc14c342a71

  • SHA1

    5cc72cdde2d55a8c5e01ccd80cbb5743bc60ca1b

  • SHA256

    c84bbfce14fdc65c6e738ce1196d40066c87e58f443e23266d3b9e542b8a583e

  • SHA512

    a2e8aa90a719cdddb2f9a4fb21b43f6471cb06e0cb94bd041f26b6a4e11bd820a04c5ea832bb899a91db73d7114b046834afe788d6c03d71b1bf6697272de591

  • SSDEEP

    24576:Ware5SMXhd8zlKNfn6LQrmq4Ku0a7ttoXJZ4pt+NfCgPc52L6cnPmJ9C7CnzpCrk:WvgTW0uNmJPCrjTpM5B3L/q0vlU426n

Score
10/10

Malware Config

Targets

    • Target

      malware.exe

    • DcRat

      DarkCrystal (DC) RAT is a .NET RAT, active since June 2019, that can load additional plugins.

    • DCRat payload

      Detects the DCRat payload, which is commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

      Rewriting the context of a thread in another process is a common process-injection step (for example process hollowing).

MITRE ATT&CK Matrix (ATT&CK v13)

Execution

  • Scheduled Task/Job (T1053): 1 match
  • Scheduled Task (T1053.005): 1 match

Persistence

  • Scheduled Task/Job (T1053): 1 match
  • Scheduled Task (T1053.005): 1 match

Privilege Escalation

  • Scheduled Task/Job (T1053): 1 match
  • Scheduled Task (T1053.005): 1 match

Discovery

  • Query Registry (T1012): 1 match
  • System Information Discovery (T1082): 2 matches
  • Remote System Discovery (T1018): 1 match
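The behavioural signatures and the ATT&CK mapping above can be turned into simple triage rules. The Python below is an added example, not sandbox code or output from this report: it runs a handful of rules over a constructed API-trace log in JSON Lines form and emits the signature names used on this page together with the ATT&CK ID where the matrix lists one (T1053.005 for the scheduled task, T1012 for the registry read). The trace, its paths, PIDs and the task name are invented, and the assumption that the location check reads the GeoID under HKCU\Control Panel\International\Geo is mine; the report only says the country code is read from the registry.

```python
"""Triage rules for the behaviours listed in this report, run over a
constructed API-trace log. Added example: not sandbox code or output."""
import json
import re

# Constructed trace in JSON Lines form, roughly in the shape of a sandbox
# API log. Paths, PIDs and the task name are invented for this example.
SAMPLE_TRACE = r"""
{"pid": 4120, "op": "RegQueryValueEx", "key": "HKCU\\Control Panel\\International\\Geo\\Nation"}
{"pid": 4120, "op": "WriteFile", "path": "C:\\Users\\user\\AppData\\Roaming\\svc.exe"}
{"pid": 4120, "op": "WriteFile", "path": "C:\\Users\\user\\AppData\\Roaming\\helper.dll"}
{"pid": 4120, "op": "CreateProcess", "cmdline": "schtasks /create /f /sc minute /mo 5 /tn Updater /tr \"C:\\Users\\user\\AppData\\Roaming\\svc.exe\""}
{"pid": 4120, "op": "CreateProcess", "cmdline": "\"C:\\Users\\user\\AppData\\Roaming\\svc.exe\""}
{"pid": 5200, "op": "LoadLibrary", "path": "C:\\Users\\user\\AppData\\Roaming\\helper.dll"}
{"pid": 5200, "op": "SetThreadContext", "target_pid": 6012}
{"pid": 4120, "op": "CreateProcess", "cmdline": "cmd.exe /c ping 127.0.0.1 -n 3 & del \"C:\\Users\\user\\Desktop\\malware.exe\""}
"""

# Assumption (not stated on the page): the "country code configured in the
# registry" is the user's GeoID under Control Panel\International\Geo.
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\(?:Nation|Name)$", re.I)
# schtasks invoked with /create, whatever the other task parameters are.
SCHTASKS_RE = re.compile(r"(?:^|[\\\s\"])schtasks(?:\.exe)?\b.*\s/create\b", re.I)
# "del <path>.exe" inside a cmd.exe command line (the usual self-delete form).
DEL_RE = re.compile(r"\bdel\s+\"?([^\"&]+?\.exe)\"?", re.I)


def load_trace(text):
    """Parse JSON Lines into a list of event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def image_of(cmdline):
    """First token of a command line, honouring a quoted executable path."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        return cmdline[1:cmdline.find('"', 1)]
    return cmdline.split(None, 1)[0]


def triage(events, self_path):
    """Return [(signature, attack_id)] in first-hit order.

    attack_id is the ID from the report's ATT&CK matrix where it lists one
    and None otherwise; signature names are the ones used on this page.
    """
    self_path = self_path.lower()
    dropped = set()   # files the sample wrote, lower-cased for comparison
    findings = {}     # dict keeps insertion order and de-duplicates hits
    for ev in events:
        op = ev["op"]
        if op == "WriteFile":
            dropped.add(ev["path"].lower())
        elif op == "RegQueryValueEx" and GEO_KEY_RE.search(ev.get("key", "")):
            findings.setdefault("Checks computer location settings", "T1012")
        elif op == "CreateProcess":
            cmd = ev.get("cmdline", "")
            if SCHTASKS_RE.search(cmd):
                findings.setdefault("Scheduled Task", "T1053.005")
            elif image_of(cmd).lower() in dropped:
                findings.setdefault("Executes dropped EXE", None)
            else:
                m = DEL_RE.search(cmd)
                if m and m.group(1).lower() == self_path:
                    findings.setdefault("Deletes itself", None)
        elif op == "LoadLibrary" and ev.get("path", "").lower() in dropped:
            findings.setdefault("Loads dropped DLL", None)
        elif op == "SetThreadContext" and ev.get("target_pid") != ev["pid"]:
            # Rewriting a thread context in another process is the classic
            # injection/hollowing step, so it is flagged on its own.
            findings.setdefault("Suspicious use of SetThreadContext", None)
    return list(findings.items())


if __name__ == "__main__":
    sample = r"C:\Users\user\Desktop\malware.exe"
    for sig, tid in triage(load_trace(SAMPLE_TRACE), sample):
        print(f"{sig:40s} {tid or '-'}")
```

Real sandbox traces use their own field names and log the API calls at a different granularity, so the event shape and the regexes are the parts to adapt; the rule logic (track what the sample wrote, then flag execution or loading of those files, task creation, the GeoID read, the cross-process thread-context write and the self-delete) carries over unchanged.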

Tasks