General

  • Target

    f4787944e95596ad1847910ce4180a20.exe

  • Size

    942KB

  • Sample

    210402-8fj8bd4yf6

  • MD5

    f4787944e95596ad1847910ce4180a20

  • SHA1

    f6ec2109ff3f3985ee6f73d0cf680343a90c8b2b

  • SHA256

    08acc4229c4d8424570ee93f20f7c60a0e9e0605f7dc8594d14d52209b72ce00

  • SHA512

    5466b793806093f291a0712846510c3573654bb7d0ded3b9f2a91a0238bd14ae4926fb1f1111a62b1c4e570f9ece54c2019c16c60b9c1af145b67ef9607e894b

Malware Config

Targets

    • Target

      f4787944e95596ad1847910ce4180a20.exe

    • Size

      942KB

    • MD5

      f4787944e95596ad1847910ce4180a20

    • SHA1

      f6ec2109ff3f3985ee6f73d0cf680343a90c8b2b

    • SHA256

      08acc4229c4d8424570ee93f20f7c60a0e9e0605f7dc8594d14d52209b72ce00

    • SHA512

      5466b793806093f291a0712846510c3573654bb7d0ded3b9f2a91a0238bd14ae4926fb1f1111a62b1c4e570f9ece54c2019c16c60b9c1af145b67ef9607e894b

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • DCRat Payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks