General

  • Target

    e05abd3361512adfe518f73fc008d6a71445bba1a7bcfe23e40113be3d010b38

  • Size

    1.3MB

  • Sample

    221101-mk4cbsahb4

  • MD5

    0609f4caaa0c66b20f08d299358d143d

  • SHA1

    6f4f4034f94664036ddab57a1a21a15006f5771f

  • SHA256

    e05abd3361512adfe518f73fc008d6a71445bba1a7bcfe23e40113be3d010b38

  • SHA512

    a8040ba249509cb314a3dd924c5d9c47efa05704e7b1a0290b24c9513f4cbafa6d2d4d043f6cd05d028e7120c30c45b71a388893f4171dc6183161842d1d99e1

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Malware Config

Targets

    • Target

      e05abd3361512adfe518f73fc008d6a71445bba1a7bcfe23e40113be3d010b38

    • Size

      1.3MB

    • MD5

      0609f4caaa0c66b20f08d299358d143d

    • SHA1

      6f4f4034f94664036ddab57a1a21a15006f5771f

    • SHA256

      e05abd3361512adfe518f73fc008d6a71445bba1a7bcfe23e40113be3d010b38

    • SHA512

      a8040ba249509cb314a3dd924c5d9c47efa05704e7b1a0290b24c9513f4cbafa6d2d4d043f6cd05d028e7120c30c45b71a388893f4171dc6183161842d1d99e1

    • SSDEEP

      24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

    Score
    10/10
    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks