General

  • Target

    2e4f6ab424648922f956ddbc10bcda5fc90a0f0fa52149bc8bcb7ae5ca191781

  • Size

    1.3MB

  • Sample

    221031-14g54aeeaj

  • MD5

    cfb824eef7a06d0bad2f3679edf234a4

  • SHA1

    9a6f0f77f562af8405bb51e099603a1f73c19ad0

  • SHA256

    2e4f6ab424648922f956ddbc10bcda5fc90a0f0fa52149bc8bcb7ae5ca191781

  • SHA512

    1fa76f0e3bdc0686c142d17d00cd4857b514e5a5d20f7c4015c07987a938404110b95ff6cdfb95f6542784e0d6531da9867327925095cfd9091c5017c66dcdc8

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Malware Config

Targets

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2
