General

  • Target

    0c7b9f5ecf52ec2f5d8119ac8122afc8631bcf18b726e45976d28608b386ce34

  • Size

    1.3MB

  • Sample

    221031-2pzx2aegep

  • MD5

    5f74955888f64a99ae9ae2ce9ce7a90a

  • SHA1

    de75b7e881fb843fce2affc4eb0de86244750053

  • SHA256

    0c7b9f5ecf52ec2f5d8119ac8122afc8631bcf18b726e45976d28608b386ce34

  • SHA512

    f94cf26ea5209f13b0cb1eeda9d62546cb1c23b2b4be277f0764b19c4db936a486e4730eeb4c67170d5d94087b7cbf3a2d6209798b020c132a33ea679ac65dd1

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Malware Config

Targets

    • Target

      0c7b9f5ecf52ec2f5d8119ac8122afc8631bcf18b726e45976d28608b386ce34

    • Size

      1.3MB

    • MD5

      5f74955888f64a99ae9ae2ce9ce7a90a

    • SHA1

      de75b7e881fb843fce2affc4eb0de86244750053

    • SHA256

      0c7b9f5ecf52ec2f5d8119ac8122afc8631bcf18b726e45976d28608b386ce34

    • SHA512

      f94cf26ea5209f13b0cb1eeda9d62546cb1c23b2b4be277f0764b19c4db936a486e4730eeb4c67170d5d94087b7cbf3a2d6209798b020c132a33ea679ac65dd1

    • SSDEEP

      24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

    Score
    10/10
    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks