General

  • Target

    717654080189ae89a4c0173c4e391a53b4f321cf17036a22447f4068eab756fe

  • Size

    1.3MB

  • Sample

    221101-nx8m9abfb2

  • MD5

    506eb6cabb965526be45934ce1a8852f

  • SHA1

    d1786794e0e13dec4b976ebcd9e1ef2f4e3ed781

  • SHA256

    717654080189ae89a4c0173c4e391a53b4f321cf17036a22447f4068eab756fe

  • SHA512

    da97be5595761f94568ffc6dbc3c2d62d34f0d52ed015526d3231a80c1f33c56e2310b13dee429a4868079515aa8072006421d983141254279857040b2d2fb36

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Malware Config

Targets

    • Target

      717654080189ae89a4c0173c4e391a53b4f321cf17036a22447f4068eab756fe

    • Size

      1.3MB

    • MD5

      506eb6cabb965526be45934ce1a8852f

    • SHA1

      d1786794e0e13dec4b976ebcd9e1ef2f4e3ed781

    • SHA256

      717654080189ae89a4c0173c4e391a53b4f321cf17036a22447f4068eab756fe

    • SHA512

      da97be5595761f94568ffc6dbc3c2d62d34f0d52ed015526d3231a80c1f33c56e2310b13dee429a4868079515aa8072006421d983141254279857040b2d2fb36

    • SSDEEP

      24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

    Score
    10/10
    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks