General

  • Target

    e169f580adcf2c1ecde5179ef1ef04c62fb164493ed296fd5ba752b40a9f876f

  • Size

    1.3MB

  • Sample

    221101-nmlqqscdcm

  • MD5

    5adcab3a817aa61d37adca5b4fee4db1

  • SHA1

    4bd46950e811638957c99d6665c80f2c442951a7

  • SHA256

    e169f580adcf2c1ecde5179ef1ef04c62fb164493ed296fd5ba752b40a9f876f

  • SHA512

    ac795800a0923185b2177a5d707c610b9f60fe87b57413e612357944bd2448eb4bab2c26cc3d7e4709b3ea062e470b548e5ad671bee7af18ba9ffc7873e2557a

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Malware Config

Targets

    • Target

      e169f580adcf2c1ecde5179ef1ef04c62fb164493ed296fd5ba752b40a9f876f

    • Size

      1.3MB

    • MD5

      5adcab3a817aa61d37adca5b4fee4db1

    • SHA1

      4bd46950e811638957c99d6665c80f2c442951a7

    • SHA256

      e169f580adcf2c1ecde5179ef1ef04c62fb164493ed296fd5ba752b40a9f876f

    • SHA512

      ac795800a0923185b2177a5d707c610b9f60fe87b57413e612357944bd2448eb4bab2c26cc3d7e4709b3ea062e470b548e5ad671bee7af18ba9ffc7873e2557a

    • SSDEEP

      24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

    Score
    10/10
    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks