General

  • Target

    41e50a1065a017fa83499ed5acfdeb2c741ddf170012a51a5f407f768f6f7b33

  • Size

    1.3MB

  • Sample

    221031-1v56kadeb3

  • MD5

    f7fd0b658eaac68037f56af9928a98cb

  • SHA1

    97dd670181764e698c8ba24d0416a8533d7dd2c6

  • SHA256

    41e50a1065a017fa83499ed5acfdeb2c741ddf170012a51a5f407f768f6f7b33

  • SHA512

    60b99521b4fd92ababbbac91910514decbd20555b5777c94bd3100419a8715a8d0dca9a544b28aa1f54f17c06231e62fa19f56c326f260b43d9b8c5da3479dbe

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Malware Config

Targets

    • Target

      41e50a1065a017fa83499ed5acfdeb2c741ddf170012a51a5f407f768f6f7b33

    • Size

      1.3MB

    • MD5

      f7fd0b658eaac68037f56af9928a98cb

    • SHA1

      97dd670181764e698c8ba24d0416a8533d7dd2c6

    • SHA256

      41e50a1065a017fa83499ed5acfdeb2c741ddf170012a51a5f407f768f6f7b33

    • SHA512

      60b99521b4fd92ababbbac91910514decbd20555b5777c94bd3100419a8715a8d0dca9a544b28aa1f54f17c06231e62fa19f56c326f260b43d9b8c5da3479dbe

    • SSDEEP

      24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

    Score
    10/10
    • DcRat

      DarkCrystal RAT (DCRat) is a .NET remote access trojan, active since June 2019, that can load additional plugins to extend its functionality.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects the DCRat payload itself, which is commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to (or away from) particular regions.

    • Legitimate hosting services abused for malware hosting/C2
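
    The three behavioural signatures above (executes dropped EXE, unexpected child process, checks computer location settings) can be re-derived from a process/file/registry event trace. The block below is an added example, not code from this report or from the sandbox's own signature engine: the event format, the list of parents that should never spawn children, and the registry value (`Control Panel\International\Geo\Nation`) taken as the location check are all assumptions, and the trace is constructed rather than captured from the sample.

```python
"""Added example: re-derive sandbox behavioural signatures from a constructed
event trace. The event schema, SUSPECT_PARENTS and GEO_KEY_SUFFIX are assumptions."""

# Constructed sandbox-style trace (not from the sample), one dict per event,
# in chronological order. Paths use raw strings so backslashes survive.
EVENTS = [
    {"type": "process", "pid": 100, "ppid": 1,   "image": r"C:\Windows\explorer.exe"},
    {"type": "process", "pid": 200, "ppid": 100, "image": r"C:\Users\u\Downloads\installer.exe"},
    {"type": "file_write", "pid": 200, "path": r"C:\Users\u\AppData\Local\Temp\svc.exe"},
    {"type": "process", "pid": 300, "ppid": 200, "image": r"C:\Users\u\AppData\Local\Temp\svc.exe"},
    {"type": "reg_query", "pid": 300, "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "process", "pid": 500, "ppid": 100, "image": r"C:\Program Files\Microsoft Office\WINWORD.EXE"},
    {"type": "process", "pid": 600, "ppid": 500, "image": r"C:\Windows\System32\cmd.exe"},
]

# Assumed allow-list of parents that normally never spawn children on their own;
# a child under one of these suggests an exploit or macro ran inside the parent.
SUSPECT_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "acrord32.exe"}

# Assumed registry value behind "Checks computer location settings". Matched as a
# suffix so both HKCU\... and \REGISTRY\USER\<SID>\... spellings are caught.
GEO_KEY_SUFFIX = r"\control panel\international\geo\nation"


def basename(path):
    """Lower-cased file name component of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def executes_dropped_exe(events):
    """(writer_pid, exec_pid, path) for each process whose image was written
    to disk earlier in the same trace, i.e. a dropped file that then ran."""
    written = {}  # normalised path -> pid that wrote it
    hits = []
    for ev in events:
        if ev["type"] == "file_write":
            written[ev["path"].lower()] = ev["pid"]
        elif ev["type"] == "process":
            img = ev["image"].lower()
            if img in written:
                hits.append((written[img], ev["pid"], ev["image"]))
    return hits


def unexpected_child_process(events):
    """(ppid, pid, parent_name, child_name) for children of SUSPECT_PARENTS."""
    images = {}  # pid -> image path, built as processes appear
    hits = []
    for ev in events:
        if ev["type"] != "process":
            continue
        images[ev["pid"]] = ev["image"]
        parent = images.get(ev["ppid"])
        if parent and basename(parent) in SUSPECT_PARENTS:
            hits.append((ev["ppid"], ev["pid"], basename(parent), basename(ev["image"])))
    return hits


def checks_computer_location(events):
    """(pid, key) for every registry read of the assumed geolocation value."""
    return [(ev["pid"], ev["key"]) for ev in events
            if ev["type"] == "reg_query" and ev["key"].lower().endswith(GEO_KEY_SUFFIX)]


def run_signatures(events):
    """Map signature name -> hits, omitting signatures that did not fire."""
    results = {
        "Executes dropped EXE": executes_dropped_exe(events),
        "Process spawned unexpected child process": unexpected_child_process(events),
        "Checks computer location settings": checks_computer_location(events),
    }
    return {name: hits for name, hits in results.items() if hits}


if __name__ == "__main__":
    for name, hits in run_signatures(EVENTS).items():
        print(name)
        for hit in hits:
            print("   ", hit)
```

Real sandbox traces carry many more event types (the "Legitimate hosting services abused" signature, for instance, needs the network log), but the pattern is the same: keep a small amount of state across the ordered trace (files written, process images by pid) and emit a hit when a later event refers back to it.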

MITRE ATT&CK Enterprise v6

Tasks