General

  • Target

    8dcf98a78f2b3ce3e1b16163a35b658f70fe0b276d4970034ec2a18f4fd3ed51

  • Size

    1.3MB

  • Sample

    221031-2z89fsehfp

  • MD5

    24507a649405f969b5912caecb8bebb1

  • SHA1

    fea19486529bc874abfe3cca5dbb80626054a1a8

  • SHA256

    8dcf98a78f2b3ce3e1b16163a35b658f70fe0b276d4970034ec2a18f4fd3ed51

  • SHA512

    24aef5196c8ae10315f4230c0f2c05da026f6b4717496ffca24f1d04022f02bf7bba699e06ab2b56950b954f8fc440718ef314baa15f15f3e9689fc9f1b0c4e5

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE
