General

  • Target

    8067b18f35f1408759ffeebba8de82ebde46d578d15dcc1ac63ad9c5942bfe75

  • Size

    1.3MB

  • Sample

    221031-15nn9sdfa4

  • MD5

    e3d73bad0715fdcc4d6fe0130270af0d

  • SHA1

    80158491fbb4561c70d6795da05183edab198ae9

  • SHA256

    8067b18f35f1408759ffeebba8de82ebde46d578d15dcc1ac63ad9c5942bfe75

  • SHA512

    7d3052d82b540281bc013dbc52f082c01f64805f1713b61b37afa4f8a8eae5003eb09460b3feb1d75fbb1d97f8fd96aa2552b010a715aff3d3b4d68511203986

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Targets

    Score
    10/10
    • DcRat

      DarkCrystal (DC) is a .NET RAT active since June 2019 that is capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2
