General

  • Target

    795cb79660ab86c9b5d1c28557f1b08fb216bae54c7cd5fe92d1a050f52e7300

  • Size

    1.3MB

  • Sample

    221031-132hcadeg8

  • MD5

    f0b9fb5171b954a2273755b7bdc4c19a

  • SHA1

    19b74010de267b72f19c1188120fb9d5ef7679c2

  • SHA256

    795cb79660ab86c9b5d1c28557f1b08fb216bae54c7cd5fe92d1a050f52e7300

  • SHA512

    9e4afb58c09e3c54e22cb087b299a185e55b327f28d2bf73aca6e1ecc5c414a1133daff0d6edc5f6b16f6effd1a10b046cc83b502dc88e22e61738b8cfef04fc

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Malware Config

Targets

    • Target

      795cb79660ab86c9b5d1c28557f1b08fb216bae54c7cd5fe92d1a050f52e7300

    • Size

      1.3MB

    • MD5

      f0b9fb5171b954a2273755b7bdc4c19a

    • SHA1

      19b74010de267b72f19c1188120fb9d5ef7679c2

    • SHA256

      795cb79660ab86c9b5d1c28557f1b08fb216bae54c7cd5fe92d1a050f52e7300

    • SHA512

      9e4afb58c09e3c54e22cb087b299a185e55b327f28d2bf73aca6e1ecc5c414a1133daff0d6edc5f6b16f6effd1a10b046cc83b502dc88e22e61738b8cfef04fc

    • SSDEEP

      24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

    Score
    10/10
    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks