General

  • Target

    7a2f80dc2e0ffc05dca17d2f15e8a9731de44ac0a17fb5b0be91807fab661a86

  • Size

    1.3MB

  • Sample

    221103-kgv6fagcc7

  • MD5

    e65227584a520bee232e1af929cebed6

  • SHA1

    b4157c0d6e72717db66dc036eba6df68c678158d

  • SHA256

    7a2f80dc2e0ffc05dca17d2f15e8a9731de44ac0a17fb5b0be91807fab661a86

  • SHA512

    a48abe210173c5c382ee90123932117f7e4d774834ef934533536ee23defb393c424e20b7439f45313475563f5cf2af5f1955cc187477012b91089b7b1088816

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Malware Config

Targets

    • Target

      7a2f80dc2e0ffc05dca17d2f15e8a9731de44ac0a17fb5b0be91807fab661a86

    • Size

      1.3MB

    • MD5

      e65227584a520bee232e1af929cebed6

    • SHA1

      b4157c0d6e72717db66dc036eba6df68c678158d

    • SHA256

      7a2f80dc2e0ffc05dca17d2f15e8a9731de44ac0a17fb5b0be91807fab661a86

    • SHA512

      a48abe210173c5c382ee90123932117f7e4d774834ef934533536ee23defb393c424e20b7439f45313475563f5cf2af5f1955cc187477012b91089b7b1088816

    • SSDEEP

      24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

    Score
    10/10
    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks