General

  • Target

    6fd93202391c413fd29cdf2a0335a44f2ec960b31ac51d328f3a581d0428e840

  • Size

    1.3MB

  • Sample

    221101-msezpsbaa4

  • MD5

    0341ab5a5d3d869672a4f67c39d1e701

  • SHA1

    c59bccee4a48f2ab29764ed277afde3b95bb7a4b

  • SHA256

    6fd93202391c413fd29cdf2a0335a44f2ec960b31ac51d328f3a581d0428e840

  • SHA512

    93c9c7a5fd6866529dec1f99f813ab371e24102130275ea32435cc8ff7fc429a22abe377e89d895dfb3f0575664890fd7285bd0fd3b4474cd24d8c5593bd0bfe

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Malware Config

Targets

    • Target

      6fd93202391c413fd29cdf2a0335a44f2ec960b31ac51d328f3a581d0428e840

    • Size

      1.3MB

    • MD5

      0341ab5a5d3d869672a4f67c39d1e701

    • SHA1

      c59bccee4a48f2ab29764ed277afde3b95bb7a4b

    • SHA256

      6fd93202391c413fd29cdf2a0335a44f2ec960b31ac51d328f3a581d0428e840

    • SHA512

      93c9c7a5fd6866529dec1f99f813ab371e24102130275ea32435cc8ff7fc429a22abe377e89d895dfb3f0575664890fd7285bd0fd3b4474cd24d8c5593bd0bfe

    • SSDEEP

      24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

    Score
    10/10
    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks