General

  • Target

    00a927029c3a5c6326e14092255afbf8ad5c86b063f786306decfaf549337083

  • Size

    1.3MB

  • Sample

    221031-1w5anaedcj

  • MD5

    0d06176f1e465331ce8cdc6419195b3f

  • SHA1

    e2cce4f536a1895567f33a0a21f63d04c02422b3

  • SHA256

    00a927029c3a5c6326e14092255afbf8ad5c86b063f786306decfaf549337083

  • SHA512

    37ba3ecf512ca996bf9eee8d9011cc0df007561a65b1edb080c77c0d87b2de376c126bcbc94fd9d46eb176ed6eac6021b49471a69daaf229dfee196418e5aea5

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Malware Config

Targets

    • Target

      00a927029c3a5c6326e14092255afbf8ad5c86b063f786306decfaf549337083

    • Size

      1.3MB

    • MD5

      0d06176f1e465331ce8cdc6419195b3f

    • SHA1

      e2cce4f536a1895567f33a0a21f63d04c02422b3

    • SHA256

      00a927029c3a5c6326e14092255afbf8ad5c86b063f786306decfaf549337083

    • SHA512

      37ba3ecf512ca996bf9eee8d9011cc0df007561a65b1edb080c77c0d87b2de376c126bcbc94fd9d46eb176ed6eac6021b49471a69daaf229dfee196418e5aea5

    • SSDEEP

      24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

    Score
    10/10
    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks