General

  • Target

    00f502d340e83e32d0ccc3bc2244c508349f892d77df171dead95613d5bca26c

  • Size

    1.3MB

  • Sample

    221031-2r5ajaeggn

  • MD5

    680bf02e654cceb547c8994600abb2d1

  • SHA1

    a7397e28147dd7012cc7de4be2c1a55ef0013c09

  • SHA256

    00f502d340e83e32d0ccc3bc2244c508349f892d77df171dead95613d5bca26c

  • SHA512

    04679eaa9b238ab12ffd5eeb89a965cd4adea644ee53a5fea74d0255cf6ed60ea4dd6f9797c81f4354974f899ddba2f4d5a7132229419e79bdb97dd282bb6b26

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Malware Config

Targets

    • Target

      00f502d340e83e32d0ccc3bc2244c508349f892d77df171dead95613d5bca26c

    • Size

      1.3MB

    • MD5

      680bf02e654cceb547c8994600abb2d1

    • SHA1

      a7397e28147dd7012cc7de4be2c1a55ef0013c09

    • SHA256

      00f502d340e83e32d0ccc3bc2244c508349f892d77df171dead95613d5bca26c

    • SHA512

      04679eaa9b238ab12ffd5eeb89a965cd4adea644ee53a5fea74d0255cf6ed60ea4dd6f9797c81f4354974f899ddba2f4d5a7132229419e79bdb97dd282bb6b26

    • SSDEEP

      24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

    Score
    10/10
    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks