General

  • Target

    e7a9449a6a1ef5b93caa2677aee37572e50111e7b405846138e004768b383cf2

  • Size

    1.3MB

  • Sample

    230203-b7m33shg44

  • MD5

    9abe9a5fd1dc2978d35b9609cd839751

  • SHA1

    4aa6e835666e96f38e0430a378aeed8fc1781ea1

  • SHA256

    e7a9449a6a1ef5b93caa2677aee37572e50111e7b405846138e004768b383cf2

  • SHA512

    4798f95bf5f01e769a67ccc4fe7e18604417bdf3c4d3c7ae8dac525debd4da480b5497c7f8a9f555f89bc48c15c5415e44ade9dbc9de2e801b4873bd75018c72

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Malware Config

Targets

    • Target

      e7a9449a6a1ef5b93caa2677aee37572e50111e7b405846138e004768b383cf2

    • Size

      1.3MB

    • MD5

      9abe9a5fd1dc2978d35b9609cd839751

    • SHA1

      4aa6e835666e96f38e0430a378aeed8fc1781ea1

    • SHA256

      e7a9449a6a1ef5b93caa2677aee37572e50111e7b405846138e004768b383cf2

    • SHA512

      4798f95bf5f01e769a67ccc4fe7e18604417bdf3c4d3c7ae8dac525debd4da480b5497c7f8a9f555f89bc48c15c5415e44ade9dbc9de2e801b4873bd75018c72

    • SSDEEP

      24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

    Score
    10/10
    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks