General

  • Target

    43906eef7310e0de0b9c0394dc8418348e130a2f2d6d19ab4250b8a11f6d2c04

  • Size

    1.3MB

  • Sample

    221031-2zbm7aeheq

  • MD5

    d61e34fd865df9c48b80c2d462d472eb

  • SHA1

    c833d7ea0b82db54e5c0312229bbcc13c9388f5c

  • SHA256

    43906eef7310e0de0b9c0394dc8418348e130a2f2d6d19ab4250b8a11f6d2c04

  • SHA512

    a08eb57f46bd1c5e53ec239348822f02113ad41f39dc8994f7b4520332f231784849a67550327bb27058be467aab06d20d38a3f0e10f333c7a830252f7ef1e76

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Malware Config

Targets

    • Target

      43906eef7310e0de0b9c0394dc8418348e130a2f2d6d19ab4250b8a11f6d2c04

    • Size

      1.3MB

    • MD5

      d61e34fd865df9c48b80c2d462d472eb

    • SHA1

      c833d7ea0b82db54e5c0312229bbcc13c9388f5c

    • SHA256

      43906eef7310e0de0b9c0394dc8418348e130a2f2d6d19ab4250b8a11f6d2c04

    • SHA512

      a08eb57f46bd1c5e53ec239348822f02113ad41f39dc8994f7b4520332f231784849a67550327bb27058be467aab06d20d38a3f0e10f333c7a830252f7ef1e76

    • SSDEEP

      24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

    Score
    10/10
    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks