General

  • Target

    2b501f2bfafe8db483341cf032a367c5ef9c003d5f72f397b780536289090aec

  • Size

    1.3MB

  • Sample

    221101-mkwmgsbghl

  • MD5

    aa70a071ab91e714dfe43c09a422373d

  • SHA1

    9de63bb88d285326e4b1770bc90fafbcfd12cf59

  • SHA256

    2b501f2bfafe8db483341cf032a367c5ef9c003d5f72f397b780536289090aec

  • SHA512

    80943a74a5ea7e61625fc024435a1ef0c917845990a729fc7e97630624f46c6adc23efbda81b4c111e5729c6e725567a6b990d7301260939e88a67ceae873fc2

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Malware Config

Targets

    • Target

      2b501f2bfafe8db483341cf032a367c5ef9c003d5f72f397b780536289090aec

    • Size

      1.3MB

    • MD5

      aa70a071ab91e714dfe43c09a422373d

    • SHA1

      9de63bb88d285326e4b1770bc90fafbcfd12cf59

    • SHA256

      2b501f2bfafe8db483341cf032a367c5ef9c003d5f72f397b780536289090aec

    • SHA512

      80943a74a5ea7e61625fc024435a1ef0c917845990a729fc7e97630624f46c6adc23efbda81b4c111e5729c6e725567a6b990d7301260939e88a67ceae873fc2

    • SSDEEP

      24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

    Score
    10/10
    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v6

Tasks