General

  • Target

    93e21e14b4de271e85ae8ef4e2694482a60f2317a1581b3a96e9801c4e4bd367

  • Size

    1.3MB

  • Sample

    221031-2ynw5aehdr

  • MD5

    325bcd88f34e2251c0b194e02f45750c

  • SHA1

    f3050f2835d9dbc3947c8f521093844639eaefc6

  • SHA256

    93e21e14b4de271e85ae8ef4e2694482a60f2317a1581b3a96e9801c4e4bd367

  • SHA512

    4d5208468ee2a7af97b496f3fb4d118e4cde2507b79ca6037f432f5c2adbdf0ea82b3a2546aa93e0a1dcd47e5e03edaf63860ffc9725df134ad9d9fdb1978964

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Malware Config

Targets

    • Target

      93e21e14b4de271e85ae8ef4e2694482a60f2317a1581b3a96e9801c4e4bd367

    • Size

      1.3MB

    • MD5

      325bcd88f34e2251c0b194e02f45750c

    • SHA1

      f3050f2835d9dbc3947c8f521093844639eaefc6

    • SHA256

      93e21e14b4de271e85ae8ef4e2694482a60f2317a1581b3a96e9801c4e4bd367

    • SHA512

      4d5208468ee2a7af97b496f3fb4d118e4cde2507b79ca6037f432f5c2adbdf0ea82b3a2546aa93e0a1dcd47e5e03edaf63860ffc9725df134ad9d9fdb1978964

    • SSDEEP

      24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

    Score
    10/10
    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v6

Tasks