General

  • Target

    83967111bcd018bdfa502dca6486d12b0e5407207d612fa64c1305ac081a0360

  • Size

    1.3MB

  • Sample

    221101-nmvzeabdg7

  • MD5

    f1b9b08b30e28d44fbaa4bba3d8b904c

  • SHA1

    b30dc046c2182f22554f2960f267f6d98512ce48

  • SHA256

    83967111bcd018bdfa502dca6486d12b0e5407207d612fa64c1305ac081a0360

  • SHA512

    b162787c6d385bd32dac94b76b8040116ff60c58be8b800db7b329671a78af929aecb25ae499b7e3cf11926178f6ead597e437c9ce1d9db292975765dbaa78ac

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Malware Config

Targets

    • Target

      83967111bcd018bdfa502dca6486d12b0e5407207d612fa64c1305ac081a0360

    • Size

      1.3MB

    • MD5

      f1b9b08b30e28d44fbaa4bba3d8b904c

    • SHA1

      b30dc046c2182f22554f2960f267f6d98512ce48

    • SHA256

      83967111bcd018bdfa502dca6486d12b0e5407207d612fa64c1305ac081a0360

    • SHA512

      b162787c6d385bd32dac94b76b8040116ff60c58be8b800db7b329671a78af929aecb25ae499b7e3cf11926178f6ead597e437c9ce1d9db292975765dbaa78ac

    • SSDEEP

      24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

    Score
    10/10
    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks