DCRAT malware Evades SandBox that use Fake Internet by using the Google public DNS IP address....
Tags
| attack-pattern: | Model Dns - T1071.004 Dns - T1590.002 Hardware - T1592.001 Malware - T1587.001 Malware - T1588.001 Software - T1592.002 |
Common Information
| Type | Value |
|---|---|
| UUID | d7b0bd0d-60aa-4f1f-9b02-ec472609735e |
| Fingerprint | 4ab40be88eb21693 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Oct. 2, 2019, 7:19 a.m. |
| Added to db | Sept. 26, 2022, 9:30 a.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | {"®eve®se": "Enginee®ing"} |
| Title | DCRAT malware Evades SandBox that use Fake Internet by using the Google public DNS IP address.... |
| Detected Hints/Tags/Attributes | 15/1/18 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | hfjdhfgrhfnghvng.ru |
|
| Details | File | 2 | daaca.exe |
|
| Details | File | 1260 | explorer.exe |
|
| Details | File | 306 | services.exe |
|
| Details | File | 1 | rntdll.dll |
|
| Details | File | 5 | opencl.dll |
|
| Details | File | 2 | nvml.dll |
|
| Details | File | 1 | timemanager.exe |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 533 | ntdll.dll |
|
| Details | File | 1 | skernel32.dll |
|
| Details | md5 | 2 | b478d340a787b85e086cc951d0696cb1 |
|
| Details | sha1 | 1 | 563d9f1b35b4898d16aff1dccd8969299f7ab8b7 |
|
| Details | IPv4 | 2 | 178.21.11.90 |
|
| Details | IPv4 | 1 | 151.248.116.134 |
|
| Details | IPv4 | 2 | 37.140.199.65 |
|
| Details | IPv4 | 2 | 194.58.92.63 |
|
| Details | IPv4 | 2 | 185.146.157.143 |