General

  • Target

    7c2775abae1396ba1f1f89b91bce63a9a63bb5ee4e637197e75a22091bfffaa4

  • Size

    1.3MB

  • Sample

    221031-1vnxaadea8

  • MD5

    e66a62df308d5063fd55cca09ebbb957

  • SHA1

    d627c89cb83a41bc6fbb39f818abb5e72c6021cb

  • SHA256

    7c2775abae1396ba1f1f89b91bce63a9a63bb5ee4e637197e75a22091bfffaa4

  • SHA512

    62db5d037715b12bc70169eeea286c248a5a1268b972aa3bd9fb5c2e63189b4fb1abf8f9c154e0882880e0e4f4199caa4819aad2d0c973995481b5d8316596d0

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Malware Config

Targets

    • Target

      7c2775abae1396ba1f1f89b91bce63a9a63bb5ee4e637197e75a22091bfffaa4

    • Size

      1.3MB

    • MD5

      e66a62df308d5063fd55cca09ebbb957

    • SHA1

      d627c89cb83a41bc6fbb39f818abb5e72c6021cb

    • SHA256

      7c2775abae1396ba1f1f89b91bce63a9a63bb5ee4e637197e75a22091bfffaa4

    • SHA512

      62db5d037715b12bc70169eeea286c248a5a1268b972aa3bd9fb5c2e63189b4fb1abf8f9c154e0882880e0e4f4199caa4819aad2d0c973995481b5d8316596d0

    • SSDEEP

      24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

    Score
    10/10
    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks