General

  • Target

    b52b3620df1db7ea3d85b0f46d70c01fbb766ed4ad74da07bbe1c12b4cd61167

  • Size

    1.3MB

  • Sample

    221031-2qptfsegfl

  • MD5

    9ad10646d325637bc5303f9dd7ee3252

  • SHA1

    562ceac0521dceee0a16cbc79ccd0ce3830911f9

  • SHA256

    b52b3620df1db7ea3d85b0f46d70c01fbb766ed4ad74da07bbe1c12b4cd61167

  • SHA512

    334f34772103c2d542f2726fb2fdf0dd5c2c8484cbaffd3fe93ed5c9a87388a3f710bd8dc95a5960ebcdb605294f5cf9b1c0f77fa30dd4e897d9348b01ca56fb

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Malware Config

Targets

    • Target

      b52b3620df1db7ea3d85b0f46d70c01fbb766ed4ad74da07bbe1c12b4cd61167

    • Size

      1.3MB

    • MD5

      9ad10646d325637bc5303f9dd7ee3252

    • SHA1

      562ceac0521dceee0a16cbc79ccd0ce3830911f9

    • SHA256

      b52b3620df1db7ea3d85b0f46d70c01fbb766ed4ad74da07bbe1c12b4cd61167

    • SHA512

      334f34772103c2d542f2726fb2fdf0dd5c2c8484cbaffd3fe93ed5c9a87388a3f710bd8dc95a5960ebcdb605294f5cf9b1c0f77fa30dd4e897d9348b01ca56fb

    • SSDEEP

      24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

    Score
    10/10
    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks