General

  • Target

    44fd9e5ee2d3c3ecb579fe1b194eedaa1d0fc872dfdf76ffa62ace20050fcdaf

  • Size

    1.3MB

  • Sample

    221031-1wwnhsdec2

  • MD5

    5f368e4be1493c3394c093c4efbcf4a6

  • SHA1

    519a64192320ee05a1177e10fbdc551350ec4792

  • SHA256

    44fd9e5ee2d3c3ecb579fe1b194eedaa1d0fc872dfdf76ffa62ace20050fcdaf

  • SHA512

    be1086d83f6cfa9dfa5289cd8fe6daba7839bdef32c641d9b2e1901da21090d02bc32a2e8d7fa2c7bd9d8305c4795f7ead32a9dae79aa3a60db9f982d281045b

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Malware Config

Targets

    • Target

      44fd9e5ee2d3c3ecb579fe1b194eedaa1d0fc872dfdf76ffa62ace20050fcdaf

    • Size

      1.3MB

    • MD5

      5f368e4be1493c3394c093c4efbcf4a6

    • SHA1

      519a64192320ee05a1177e10fbdc551350ec4792

    • SHA256

      44fd9e5ee2d3c3ecb579fe1b194eedaa1d0fc872dfdf76ffa62ace20050fcdaf

    • SHA512

      be1086d83f6cfa9dfa5289cd8fe6daba7839bdef32c641d9b2e1901da21090d02bc32a2e8d7fa2c7bd9d8305c4795f7ead32a9dae79aa3a60db9f982d281045b

    • SSDEEP

      24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

    Score
    10/10
    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks