General

  • Target

    f5a576e78853c8cd837290125d62aec763c5a552525aadff9a8396479d1a1137

  • Size

    1.3MB

  • Sample

    221101-mwyk8abad9

  • MD5

    db6d79ce5c7077c91e2d080a724d8eb2

  • SHA1

    8a6c6e5034f09b0a4c1ca6f549c0c7b7c9ebda11

  • SHA256

    f5a576e78853c8cd837290125d62aec763c5a552525aadff9a8396479d1a1137

  • SHA512

    273e2730a8992a49c87ce04d2c079983d2ac1f117949fa2eba030ea0f219d048777e24c00324bcffe29df2fb54f904130796265a84d82634af2c0605f19ccd40

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2
