General

  • Target

    34352cfabfec5e3ce94d3dda096fe7bdac99fb123f6f0e8a7b86c235f5543892

  • Size

    1.3MB

  • Sample

    221031-2yd2xsdhh7

  • MD5

    5b4bb250580a75938abd0734d4688fb8

  • SHA1

    3bbe6f94032349dce5fd30fe63a8ba6455f06c79

  • SHA256

    34352cfabfec5e3ce94d3dda096fe7bdac99fb123f6f0e8a7b86c235f5543892

  • SHA512

    98510dd3d1324be21f3a6866450a51bdbebbf7f62b50920bf84616d7672373541a5fb096294b052a9399bb4c2d07af2880474565834273ff835b0e4aa387a6d2

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2
