General

  • Target

    6c29115dcaec260d6195298dead3ffb4e2b56cb49deef62c152c73d1cc5c7961

  • Size

    1.3MB

  • Sample

    221101-tnvypaebeq

  • MD5

    a9b0d7b407f8967320431e2d07449422

  • SHA1

    2f839d88e4d85e1ab84d57d4a69f80a603c42145

  • SHA256

    6c29115dcaec260d6195298dead3ffb4e2b56cb49deef62c152c73d1cc5c7961

  • SHA512

    411e3f83520b5611d1de7a9ac2dfa7283c5402865734e18851228d256f719b78f1f77d71bd0c268c8279446573c1e2eecc4c22aab8efaa60e7f5048a36514cff

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Malware Config

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, that is capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks