General

  • Target

    917953a865a54eec851b726b62e462d53e9b801d922e71bd16aea0e292a2190f

  • Size

    1.3MB

  • Sample

    221031-2p8vyaeger

  • MD5

    81e5c52c2ec79ebb5e568a0fffe628fe

  • SHA1

    b4b521fd604cfa1abc00d322e91859afc2bbef4e

  • SHA256

    917953a865a54eec851b726b62e462d53e9b801d922e71bd16aea0e292a2190f

  • SHA512

    2f7009461c0f3f8e8a77e044502d59476fa47a52cb2fa0a77ebc3ced1404c63217e5ed3ed2dd2adf867ec7b0a61076ac02d20fc31f02979266ec828ae71afcfb

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Malware Config

Targets

    • Target

      917953a865a54eec851b726b62e462d53e9b801d922e71bd16aea0e292a2190f

    • Size

      1.3MB

    • MD5

      81e5c52c2ec79ebb5e568a0fffe628fe

    • SHA1

      b4b521fd604cfa1abc00d322e91859afc2bbef4e

    • SHA256

      917953a865a54eec851b726b62e462d53e9b801d922e71bd16aea0e292a2190f

    • SHA512

      2f7009461c0f3f8e8a77e044502d59476fa47a52cb2fa0a77ebc3ced1404c63217e5ed3ed2dd2adf867ec7b0a61076ac02d20fc31f02979266ec828ae71afcfb

    • SSDEEP

      24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

    Score
    10/10
    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks