General

  • Target

    76980ec8e1d74ef535dedf4a56502feeeb80050e56df7254d0baf3dc1287a293

  • Size

    1.3MB

  • Sample

    221031-1vfkxaedak

  • MD5

    3b66a309a7e98597d7a951411ef39a1e

  • SHA1

    69bc7aed87a699d53e9fdfcc94974d6d61961e0c

  • SHA256

    76980ec8e1d74ef535dedf4a56502feeeb80050e56df7254d0baf3dc1287a293

  • SHA512

    8c0295034603005c4698527d930094be924935624dd1e4479e5bf8032021c97acbdd86b660af745ccc1faf6a03190bcc87990af732d3ecfbe08a870e640674f9

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Malware Config

Targets

    • Target

      76980ec8e1d74ef535dedf4a56502feeeb80050e56df7254d0baf3dc1287a293

    • Size

      1.3MB

    • MD5

      3b66a309a7e98597d7a951411ef39a1e

    • SHA1

      69bc7aed87a699d53e9fdfcc94974d6d61961e0c

    • SHA256

      76980ec8e1d74ef535dedf4a56502feeeb80050e56df7254d0baf3dc1287a293

    • SHA512

      8c0295034603005c4698527d930094be924935624dd1e4479e5bf8032021c97acbdd86b660af745ccc1faf6a03190bcc87990af732d3ecfbe08a870e640674f9

    • SSDEEP

      24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

    Score
    10/10
    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks