General

  • Target

    013e245f2fb6199fa3e8cb4c6d19bb9f879d0804d289659ac9db9ea4157cda17

  • Size

    1.3MB

  • Sample

    221031-15fnnadfa3

  • MD5

    9e1b9bd473dd52e0f35a1d55eb55cee8

  • SHA1

    af3477a68c801b7aebb68c4aa982835f16b17855

  • SHA256

    013e245f2fb6199fa3e8cb4c6d19bb9f879d0804d289659ac9db9ea4157cda17

  • SHA512

    ca15eab84284b8b34fff5a68973f01f79b65d2c72f94769f34c6824c50d6e1947f06ba9caa114e85c838f479bbe4f13a79eb03b9132ee2794952b6a2e4b41b47

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Targets

    • Target

      013e245f2fb6199fa3e8cb4c6d19bb9f879d0804d289659ac9db9ea4157cda17

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.
