General

  • Target

    2cedc4963fd4ea204ba1dd2de0d48fe58c7ef2e0667826d13a198ebf07caecdc

  • Size

    1.3MB

  • Sample

    221031-2rd4caegfn

  • MD5

    a39f8c217d90a8fa67d1dda6f097208b

  • SHA1

    686b58b9f9d2a8a9ea931087a5252a881a670c69

  • SHA256

    2cedc4963fd4ea204ba1dd2de0d48fe58c7ef2e0667826d13a198ebf07caecdc

  • SHA512

    815ce22afdcc752953d6558e196a5e0c3c797ff91457880d5edfabe0ab81344f1e89675aa568402a60c31dd06b33a3987e1eaaf337aed1f8896b75673bd2035f

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Malware Config

Targets

    • Target

      2cedc4963fd4ea204ba1dd2de0d48fe58c7ef2e0667826d13a198ebf07caecdc

    • Size

      1.3MB

    • MD5

      a39f8c217d90a8fa67d1dda6f097208b

    • SHA1

      686b58b9f9d2a8a9ea931087a5252a881a670c69

    • SHA256

      2cedc4963fd4ea204ba1dd2de0d48fe58c7ef2e0667826d13a198ebf07caecdc

    • SHA512

      815ce22afdcc752953d6558e196a5e0c3c797ff91457880d5edfabe0ab81344f1e89675aa568402a60c31dd06b33a3987e1eaaf337aed1f8896b75673bd2035f

    • SSDEEP

      24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

    Score
    10/10
    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks