General

  • Target

    73f885b93952cf1dafd93a649ea09ff619904c81f8252edc48044a7146d510b5

  • Size

    1.3MB

  • Sample

    221101-nm473sbdg9

  • MD5

    6c27fa41d45eb3ad99b7449111956442

  • SHA1

    b30df93499eb468648e95ecb7b31eb660695d17a

  • SHA256

    73f885b93952cf1dafd93a649ea09ff619904c81f8252edc48044a7146d510b5

  • SHA512

    e5d73acb899287a526af973ab684e8db46604d448b1a9a63a9753f97624135c8541a0051e5d6916520de3dfe671b5718d5d63407b86c9094a64f2f4a65fdbb26

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Malware Config

Targets

    • Target

      73f885b93952cf1dafd93a649ea09ff619904c81f8252edc48044a7146d510b5

    • Size

      1.3MB

    • MD5

      6c27fa41d45eb3ad99b7449111956442

    • SHA1

      b30df93499eb468648e95ecb7b31eb660695d17a

    • SHA256

      73f885b93952cf1dafd93a649ea09ff619904c81f8252edc48044a7146d510b5

    • SHA512

      e5d73acb899287a526af973ab684e8db46604d448b1a9a63a9753f97624135c8541a0051e5d6916520de3dfe671b5718d5d63407b86c9094a64f2f4a65fdbb26

    • SSDEEP

      24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

    Score
    10/10
    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks