General

  • Target: a8882de8915ecce9221b613dacd1d17d03259c6d36133a8c0ca2ea2a7fd678ba
  • Size: 1.3MB
  • Sample: 221031-1t7m1adea4
  • MD5: 35cbf6c3ebd630ec4396fb18e13b864c
  • SHA1: 641a686d7faebf4621d43b324bf7436ed8790321
  • SHA256: a8882de8915ecce9221b613dacd1d17d03259c6d36133a8c0ca2ea2a7fd678ba
  • SHA512: fa7f2383953d5fac75fc4eb0bf56ef9f5b81452817dfe171503dbdc0ec6cd354a07f6c81eaecf4202d0bb858ba2eb37ca6d97ddb615b4de3d7513d3e2a436d58
  • SSDEEP: 24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score: 10/10

Malware Config

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, that is capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks