General

  • Target

    ccfb36f935b386036773e456b5d15744a72426ba9b1f0b329efa8e54dffb3531

  • Size

    1.3MB

  • Sample

    221101-nxep6scedk

  • MD5

    bc3d01320d7c5ccee01146255acad0de

  • SHA1

    304146f97774834c7d76d0762ef026884a74c077

  • SHA256

    ccfb36f935b386036773e456b5d15744a72426ba9b1f0b329efa8e54dffb3531

  • SHA512

    945e73f285fdace62c6892cbe68659ae6d9d357f6cfe9b5c415335d45c355304e087b8beae69298ef43befbbfe71bc7a1d8bc9a330e7f693e0029926cdb3a7e8

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Targets

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Legitimate hosting services abused for malware hosting/C2
