General

  • Target

    54172888b473f2515b13fe1e2032a112.exe

  • Size

    1MB

  • Sample

    220805-2ssywsfgcn

  • MD5

    54172888b473f2515b13fe1e2032a112

  • SHA1

    fc4ff4d53a1ea6cfee9265840bfc1dda0ee8c1e6

  • SHA256

    05379ea4600304f51cffa8d1ee9e3b2931a69129f6bed14d45a500d966a71fca

  • SHA512

    d09ce140712a46f3f94eaaf0c567ca30ce6de8b81ed8b45961cf6f4211225b43e6944dba769c212e11f836cf579932883a28d798353af9d6bd71c40e8a8f90a5

Score
10/10

Malware Config

Targets

    • Target

      54172888b473f2515b13fe1e2032a112.exe

    • Size

      1MB

    • MD5

      54172888b473f2515b13fe1e2032a112

    • SHA1

      fc4ff4d53a1ea6cfee9265840bfc1dda0ee8c1e6

    • SHA256

      05379ea4600304f51cffa8d1ee9e3b2931a69129f6bed14d45a500d966a71fca

    • SHA512

      d09ce140712a46f3f94eaaf0c567ca30ce6de8b81ed8b45961cf6f4211225b43e6944dba769c212e11f836cf579932883a28d798353af9d6bd71c40e8a8f90a5

    Score
    10/10
    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

          Execution

            Exfiltration

              Impact

                Initial Access

                  Lateral Movement

                    Persistence

                    Privilege Escalation