General

  • Target

    045a801f356ba80600f1d8825fa19dbb7f890e98dec53a40f33cf6cc5abfe8f8

  • Size

    1.3MB

  • Sample

    221101-mjazdsbger

  • MD5

    9baecc7c7298379b3cf6fd14f10afa55

  • SHA1

    e77f0b12592d54156cc9081a2c4671567d6061c5

  • SHA256

    045a801f356ba80600f1d8825fa19dbb7f890e98dec53a40f33cf6cc5abfe8f8

  • SHA512

    9fa550d1220ac0521534e64eee0778a9cbe5862d433736462f4137cb640de444ea3603b25aa811d476af85c4fb9630a016c5ecde02c9dde5c47790db8052ff80

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Malware Config

Targets

    • Target

      045a801f356ba80600f1d8825fa19dbb7f890e98dec53a40f33cf6cc5abfe8f8

    • Size

      1.3MB

    • MD5

      9baecc7c7298379b3cf6fd14f10afa55

    • SHA1

      e77f0b12592d54156cc9081a2c4671567d6061c5

    • SHA256

      045a801f356ba80600f1d8825fa19dbb7f890e98dec53a40f33cf6cc5abfe8f8

    • SHA512

      9fa550d1220ac0521534e64eee0778a9cbe5862d433736462f4137cb640de444ea3603b25aa811d476af85c4fb9630a016c5ecde02c9dde5c47790db8052ff80

    • SSDEEP

      24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

    Score
    10/10
    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks