General

  • Target

    0ca99ac2ce2d354c668c4d68ee1412ef556ee7228365ed67b2acb86f246bab92

  • Size

    1.3MB

  • Sample

    221101-mj3z6sbggk

  • MD5

    c63c67920363ec90aeb2ebaa01309f79

  • SHA1

    3f54c0694364d9ca3ca698a3027fe6a4e5d68210

  • SHA256

    0ca99ac2ce2d354c668c4d68ee1412ef556ee7228365ed67b2acb86f246bab92

  • SHA512

    d1d2cd08d8a13d8703a668cff0acfc565e17bc71e4e14be04352de8cd7202f63ce9dbeee83ca05d3592092195ea21c5979e34b9f73312e2bd2c9175ab0b708aa

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2
