General

  • Target

    24dd91b5edbad468668cf195181228de89fe16d2622f1c74d0c30438f4db2a64

  • Size

    1.3MB

  • Sample

    221101-n1ymfsbfd3

  • MD5

    822e6af1685621db0e50808ed888c19e

  • SHA1

    85c5bffae23f03e24676c5e91b47899336cf77d8

  • SHA256

    24dd91b5edbad468668cf195181228de89fe16d2622f1c74d0c30438f4db2a64

  • SHA512

    9ae88bf787b25059b960233f6136fcbcb002394005ee4e9b0887ccd59bdad0d5a0b82b42e245df58d066335e0297765981c42ea6d4625ca1bfd80ea3a8d79ced

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Malware Config

Targets

    • Target

      24dd91b5edbad468668cf195181228de89fe16d2622f1c74d0c30438f4db2a64

    • Size

      1.3MB

    • MD5

      822e6af1685621db0e50808ed888c19e

    • SHA1

      85c5bffae23f03e24676c5e91b47899336cf77d8

    • SHA256

      24dd91b5edbad468668cf195181228de89fe16d2622f1c74d0c30438f4db2a64

    • SHA512

      9ae88bf787b25059b960233f6136fcbcb002394005ee4e9b0887ccd59bdad0d5a0b82b42e245df58d066335e0297765981c42ea6d4625ca1bfd80ea3a8d79ced

    • SSDEEP

      24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

    Score
    10/10
    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks