General

  • Target

    095c8b3bc99a68baadd8b931bd31295fc9f9c928354344cceaf5c235d28adfd3

  • Size

    1.3MB

  • Sample

    221101-mlm2qsbham

  • MD5

    cb7aaa2d2dbf4c099f72fd31a2562123

  • SHA1

    a82f40157e27ec160b7ed47ed480ca2436c37f23

  • SHA256

    095c8b3bc99a68baadd8b931bd31295fc9f9c928354344cceaf5c235d28adfd3

  • SHA512

    36e03df57cb05c79835badd6a9ac5fa6f69c1d2b872747db157b29399b7db2abec9384f8817b484072c30ca195a960e0e98d6d0d4befb731245f4b661b2cb945

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2
