General

  • Target

    86fc25677c65f79419aff3fc6f0fa985bc69cd7e387656a7aeda1e40ac07a4c5

  • Size

    1.3MB

  • Sample

    221031-2rmeqaegfp

  • MD5

    62d73b47b7fde8d0a8ef3e36e2aba67c

  • SHA1

    ff43247f4f03153ad4f1f3756e3be59b679939ca

  • SHA256

    86fc25677c65f79419aff3fc6f0fa985bc69cd7e387656a7aeda1e40ac07a4c5

  • SHA512

    819739c17cbc5407684e3bb2b762ea88cbc2185c16bbe1cc9189a39446d6adbb3357e62f4d811c981e294416d46db78dcd5ee72c4bd263283b2add184f791dab

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Malware Config

Targets

    • Target

      86fc25677c65f79419aff3fc6f0fa985bc69cd7e387656a7aeda1e40ac07a4c5

    • Size

      1.3MB

    • MD5

      62d73b47b7fde8d0a8ef3e36e2aba67c

    • SHA1

      ff43247f4f03153ad4f1f3756e3be59b679939ca

    • SHA256

      86fc25677c65f79419aff3fc6f0fa985bc69cd7e387656a7aeda1e40ac07a4c5

    • SHA512

      819739c17cbc5407684e3bb2b762ea88cbc2185c16bbe1cc9189a39446d6adbb3357e62f4d811c981e294416d46db78dcd5ee72c4bd263283b2add184f791dab

    • SSDEEP

      24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

    Score
    10/10
    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks