General

  • Target

    11cb982a00e3ce1d7931994b321fe35821c761256236dac5976e563a1e74afdd

  • Size

    1.3MB

  • Sample

    221101-mlcwrsbghr

  • MD5

    00a254397e3899636aa80bc835692817

  • SHA1

    7cb12767ec295a813cd37c47dfecbb3330277e7a

  • SHA256

    11cb982a00e3ce1d7931994b321fe35821c761256236dac5976e563a1e74afdd

  • SHA512

    b86bddc6934ed71b89d289af64a03ba5b88578eee782222c84d5fd082bbcfad50f5dc796abe28be949df3caf8429fefb7c7615a244de441252172abd0cbd3037

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2
