General

  • Target

    dd8eb5aa9f28f0a9b934ad715b62a9cd3c6a482e7f386dab360482cad3401191

  • Size

    1.3MB

  • Sample

    221031-2phzhsdha9

  • MD5

    69342a34cffe872383860b1e1f5af7ac

  • SHA1

    ac863545a3cc152f62cd7481a5a7a138cfb47cde

  • SHA256

    dd8eb5aa9f28f0a9b934ad715b62a9cd3c6a482e7f386dab360482cad3401191

  • SHA512

    aad9aaee13d9ed139d15e2931cedaed8eaa5af95ebd7f678352b3e421928ee1685240390db002d797fb135c62ee79532b898745b08c0d932ff453bb4dfc3c349

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Malware Config

Targets

    • Target

      dd8eb5aa9f28f0a9b934ad715b62a9cd3c6a482e7f386dab360482cad3401191

    • Size

      1.3MB

    • MD5

      69342a34cffe872383860b1e1f5af7ac

    • SHA1

      ac863545a3cc152f62cd7481a5a7a138cfb47cde

    • SHA256

      dd8eb5aa9f28f0a9b934ad715b62a9cd3c6a482e7f386dab360482cad3401191

    • SHA512

      aad9aaee13d9ed139d15e2931cedaed8eaa5af95ebd7f678352b3e421928ee1685240390db002d797fb135c62ee79532b898745b08c0d932ff453bb4dfc3c349

    • SSDEEP

      24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

    Score
    10/10
    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks