General

  • Target

    52ab42dbbbdeaf9bb81dd3dd35defed279d24b7856c6da573e2acf5cf30f10aa

  • Size

    1.3MB

  • Sample

    221031-2zsayaeaa8

  • MD5

    b92bdd8bea0410c15d894c87c1a4bd7f

  • SHA1

    8c24cbdcb9815eb35d33af879a9be9d0e997cd24

  • SHA256

    52ab42dbbbdeaf9bb81dd3dd35defed279d24b7856c6da573e2acf5cf30f10aa

  • SHA512

    c8400d37a00c00e47342392784eba9e39c43152b42c65123ec1f48dbb22c1f14b0226deb891a0fe1e1fb2c141d4f993ec46be75a5b18dc232c5656a4eebdcecf

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Malware Config

Targets

    • Target

      52ab42dbbbdeaf9bb81dd3dd35defed279d24b7856c6da573e2acf5cf30f10aa

    • Size

      1.3MB

    • MD5

      b92bdd8bea0410c15d894c87c1a4bd7f

    • SHA1

      8c24cbdcb9815eb35d33af879a9be9d0e997cd24

    • SHA256

      52ab42dbbbdeaf9bb81dd3dd35defed279d24b7856c6da573e2acf5cf30f10aa

    • SHA512

      c8400d37a00c00e47342392784eba9e39c43152b42c65123ec1f48dbb22c1f14b0226deb891a0fe1e1fb2c141d4f993ec46be75a5b18dc232c5656a4eebdcecf

    • SSDEEP

      24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

    Score
    10/10
    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v6

Tasks