General

  • Target

    68daa69f26fbc142d6b8cc8b5a1d44615e47174a80c9e54619a7bd2ccc9151ae

  • Size

    1.3MB

  • Sample

    221031-1vxjesedam

  • MD5

    763553395a9df86d92fdc62dbfeb6a37

  • SHA1

    86a98da8a1e4e713467557fa64a3639cda9dc5f2

  • SHA256

    68daa69f26fbc142d6b8cc8b5a1d44615e47174a80c9e54619a7bd2ccc9151ae

  • SHA512

    f0d82cfa6a3ae063fcf55801e3a4fe2bedca645b082b5441bdca4d7a7761332e7d5c8999a7d4b0fe9ba01a3f9112d9ab593b830471a11a489c0d11ee05d53dd2

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10
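
To make the hashes above usable outside the sandbox UI, here is an added example (not part of the report, and not the sandbox's own code) that computes all four digests for a file and checks them against the report's values; the function names are this example's own, and the b"abc" input under __main__ is a constructed stand-in for the real 1.3MB sample so the script runs offline.

```python
"""Check a file on disk against the hash IOCs listed in this report.

Added example, not part of the sandbox report. The digests in REPORT_IOCS are
copied from the page; every function name here is this example's own, and the
b"abc" input used under __main__ is a constructed stand-in for the real sample.
"""
import hashlib
import os

REPORT_IOCS = {
    "md5": "763553395a9df86d92fdc62dbfeb6a37",
    "sha1": "86a98da8a1e4e713467557fa64a3639cda9dc5f2",
    "sha256": "68daa69f26fbc142d6b8cc8b5a1d44615e47174a80c9e54619a7bd2ccc9151ae",
    "sha512": "f0d82cfa6a3ae063fcf55801e3a4fe2bedca645b082b5441bdca4d7a7761332e7d5c8999a7d4b0fe9ba01a3f9112d9ab593b830471a11a489c0d11ee05d53dd2",
}
ALGOS = ("md5", "sha1", "sha256", "sha512")


def _finish(hashers):
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data):
    """All four report digests for an in-memory blob."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    for h in hashers.values():
        h.update(data)
    return _finish(hashers)


def digest_file(path, chunk_size=1 << 20):
    """Same digests, streamed in 1 MiB chunks so large droppers stay off the heap."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return _finish(hashers)


def match_report(digests, report=REPORT_IOCS):
    """Names of the algorithms whose digest equals the report's value."""
    return sorted(name for name in report
                  if digests.get(name, "").lower() == report[name].lower())


def is_reported_sample(digests, report=REPORT_IOCS):
    """Treat a file as the sample only on a SHA-256 match.

    MD5 and SHA-1 are collision-prone, so an entry that matches only on those
    is weaker evidence; SHA-256 is what the report's Target field uses."""
    return "sha256" in match_report(digests, report)


def scan_dir(root, report=REPORT_IOCS):
    """Yield (path, matched_algorithms) for every readable file under root that matches."""
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                matched = match_report(digest_file(path), report)
            except OSError:
                continue  # unreadable or vanished file: skip, keep scanning
            if matched:
                yield path, matched


if __name__ == "__main__":
    # Constructed input, not the real sample, so nothing should match.
    print(match_report(digest_bytes(b"abc")))
    print(is_reported_sample(REPORT_IOCS))
```

Point scan_dir at a download or quarantine directory to find copies of this sample; is_reported_sample deliberately ignores an MD5-only or SHA-1-only match, since those digests are collision-prone and only the SHA-256 (the report's Target) is treated as identifying.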

Malware Config

Targets

    • Target

      68daa69f26fbc142d6b8cc8b5a1d44615e47174a80c9e54619a7bd2ccc9151ae

    • Size

      1.3MB

    • MD5

      763553395a9df86d92fdc62dbfeb6a37

    • SHA1

      86a98da8a1e4e713467557fa64a3639cda9dc5f2

    • SHA256

      68daa69f26fbc142d6b8cc8b5a1d44615e47174a80c9e54619a7bd2ccc9151ae

    • SHA512

      f0d82cfa6a3ae063fcf55801e3a4fe2bedca645b082b5441bdca4d7a7761332e7d5c8999a7d4b0fe9ba01a3f9112d9ab593b830471a11a489c0d11ee05d53dd2

    • SSDEEP

      24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

    Score
    10/10
    • DcRat

      DarkCrystal RAT (DCRat) is a .NET remote access trojan, active since June 2019, that can load additional plugins.

    • Process spawned unexpected child process

      A child process that the parent does not normally spawn. This typically indicates the parent was compromised via an exploit or a macro (for example, an Office application launching an executable from a user-writable path).

    • DCRat payload

      Detects the DCRat payload, which is commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check (the malware avoids or targets particular countries).

    • Legitimate hosting services abused for malware hosting/C2
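
The three behavioural signatures above (unexpected child process, executes dropped EXE, location lookup) are simple to reproduce over a process and API trace. The following is an added example, not part of the report and not the sandbox's own rule code: the event list is constructed to resemble a macro-launched DCRat dropper, the registry value the geofence rule keys on (HKCU\Control Panel\International\Geo, value Nation) is an assumption about what "Checks computer location settings" looks for, and names such as run_rules and EXPECTED_CHILDREN are this example's own.

```python
r"""Replay three of the report's behavioural signatures over sandbox-style events.

Added example, not part of the report and not the sandbox's own rule code. The
event list is constructed to resemble a macro-launched DCRat dropper; the
registry value the geofence rule keys on (HKCU\Control Panel\International\Geo,
value "Nation") is an assumption about what 'Checks computer location settings'
looks for. Names such as run_rules and EXPECTED_CHILDREN are this example's own.
"""
import ntpath

# Parents that normally spawn very little; a child outside the allowlist is the
# 'Process spawned unexpected child process' case (exploit or macro in the parent).
EXPECTED_CHILDREN = {
    "winword.exe": {"splwow64.exe"},
    "excel.exe": {"splwow64.exe"},
    "acrord32.exe": set(),
}
# Assumed geofence lookup: HKCU\Control Panel\International\Geo, value "Nation".
GEO_KEY_FRAGMENT = r"control panel\international\geo"

# Constructed trace (not from the report): Word launches the sample, the sample
# drops a second EXE and runs it, the dropped EXE reads the machine's country code.
SAMPLE_EVENTS = [
    {"type": "process", "pid": 100, "ppid": 1,
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"type": "process", "pid": 200, "ppid": 100,
     "image": r"C:\Users\user\AppData\Local\Temp\Invoice_2022.exe"},
    {"type": "file_write", "pid": 200,
     "path": r"C:\Users\user\AppData\Roaming\Microsoft\svchost.exe"},
    {"type": "process", "pid": 300, "ppid": 200,
     "image": r"C:\Users\user\AppData\Roaming\Microsoft\svchost.exe"},
    {"type": "reg_query", "pid": 300,
     "key": r"HKEY_CURRENT_USER\Control Panel\International\Geo", "value": "Nation"},
]


def base(image):
    """Lower-cased file name of a Windows path (ntpath works on non-Windows hosts too)."""
    return ntpath.basename(image).lower()


def run_rules(events):
    """Return (signature, detail) pairs in the order the events trigger them."""
    procs = {}        # pid -> full image path
    dropped = set()   # lower-cased paths of .exe files written during the run
    hits = []
    for ev in events:
        if ev["type"] == "process":
            procs[ev["pid"]] = ev["image"]
            parent = procs.get(ev["ppid"])
            pbase = base(parent) if parent else None
            child = base(ev["image"])
            if pbase in EXPECTED_CHILDREN and child not in EXPECTED_CHILDREN[pbase]:
                hits.append(("unexpected_child", pbase + " -> " + child))
            if ev["image"].lower() in dropped:
                hits.append(("executes_dropped_exe", ev["image"]))
        elif ev["type"] == "file_write":
            if ev["path"].lower().endswith(".exe"):
                dropped.add(ev["path"].lower())
        elif ev["type"] == "reg_query":
            # Sysmon does not log registry reads (its events 12/13/14 cover
            # create/delete/set/rename), so this rule needs an API trace from a
            # sandbox or EDR rather than the usual Sysmon feed.
            if (GEO_KEY_FRAGMENT in ev["key"].lower()
                    and ev.get("value", "").lower() == "nation"):
                who = base(procs.get(ev["pid"], "unknown"))
                hits.append(("geo_lookup", who + " read " + ev["key"] + "\\" + ev["value"]))
    return hits


if __name__ == "__main__":
    for sig, detail in run_rules(SAMPLE_EVENTS):
        print(sig, "-", detail)
```

Run as-is it reports the three signatures in order; the "executes dropped EXE" rule deliberately matches on the exact path written earlier in the same trace, so a pre-existing binary with the same name in another directory does not fire it.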

MITRE ATT&CK Enterprise v6

Tasks