General

  • Target

    a9c86be2e85c491cb1c973e0201cd8921416c050a74fbf6a971eaa42a8565526

  • Size

    1.3MB

  • Sample

    221101-nwyfwsbeh4

  • MD5

    07c1b4e7245e90a377b75641150624d8

  • SHA1

    5986bbec62802ab9d8b13b6800845fbdef2d9dbc

  • SHA256

    a9c86be2e85c491cb1c973e0201cd8921416c050a74fbf6a971eaa42a8565526

  • SHA512

    3fac7e014d55d14672021e7379c72c1f5b632bb81b75883d293c33245ed3475811886d72191010df508a6844c5bde249e870c8c5c3dba5ecd1eb4c76274c7f7d

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Targets

    • Target

      a9c86be2e85c491cb1c973e0201cd8921416c050a74fbf6a971eaa42a8565526

    • DcRat

      DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2
