General

  • Target

    020c2c7854fb5cb272cae8f51231293907ff8b269df7346e5ae663c9a2b0f959

  • Size

    1.3MB

  • Sample

    221031-13877aedhr

  • MD5

    5b2b16e2e2521da42acec94ca99cc027

  • SHA1

    4aefed2c467a87cf19df0997c9676824cef8777a

  • SHA256

    020c2c7854fb5cb272cae8f51231293907ff8b269df7346e5ae663c9a2b0f959

  • SHA512

    ed2a158aacf23c1637939937cea6d6e3521036356c643c5b351e850f9d60584a8935423c2f2b61f4532d44ab8ceac7cd9fe41190e8433c7462d373db55b32eef

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2
