General

  • Target

    1c13a059cb114c543f937c2be3721b5a70ee6ae5d5ab9a956b1a3fdb3d542502

  • Size

    1.3MB

  • Sample

    221101-mv7shabad3

  • MD5

    7387e10cfbc17b8523ed8de710f7fbc8

  • SHA1

    e0cac1d1de8f1f1833299ff31aed1939521c0809

  • SHA256

    1c13a059cb114c543f937c2be3721b5a70ee6ae5d5ab9a956b1a3fdb3d542502

  • SHA512

    c3ffb426328434b35ac370103e8fe3bff8b555db18a232a71bd7d2f8abe9565560552316760231baf9823a4dd92acaf46ddaee1527ef20e0144a960ddc91ccda

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Malware Config

Targets

    • Target

      1c13a059cb114c543f937c2be3721b5a70ee6ae5d5ab9a956b1a3fdb3d542502

    • Size

      1.3MB

    • MD5

      7387e10cfbc17b8523ed8de710f7fbc8

    • SHA1

      e0cac1d1de8f1f1833299ff31aed1939521c0809

    • SHA256

      1c13a059cb114c543f937c2be3721b5a70ee6ae5d5ab9a956b1a3fdb3d542502

    • SHA512

      c3ffb426328434b35ac370103e8fe3bff8b555db18a232a71bd7d2f8abe9565560552316760231baf9823a4dd92acaf46ddaee1527ef20e0144a960ddc91ccda

    • SSDEEP

      24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

    Score
    10/10
    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks