General

  • Target: a55b5642f42f2d89eb1464e594cab10c.bin
  • Size: 5.0MB
  • Sample: 230224-b4yqeabg4v
  • MD5: a55b5642f42f2d89eb1464e594cab10c
  • SHA1: 9441f0f2d5abec37c592460c5129e3180671d7c1
  • SHA256: 1a44d980ad4e809fa458251d28cbf53879a8d844d45eafbffc520d12cca67265
  • SHA512: bc3a583f8cbc374ac3331fb4f0580540f1519fb7b75c2cf6286594c41f793c99316de65295aa0b2c6b75de2ad383ad7de1393388f6fc1e843023283e9ae04494
  • SSDEEP: 98304:0/+LQ1LGquN40DUwHNIswpIC9mDP5yedQl9k+u2T0plnYxMOkwM4Y9:0/+LQlyNhUwtKpICwDPBoko0pxYWjd9

Malware Config

Targets

  • Target: Adopt me/Core.dll
    • Size: 6.8MB
    • MD5: e3e91f6be2f9ae8b6b8f0b1cdf926d74
    • SHA1: f1909ccd04758a18697fb719501d8354895d1d1c
    • SHA256: b0035a21dda0b2a9671a01e6d29c1357f4c92010bdde48cc36619082c522b0a3
    • SHA512: 661e6a3eba7c4d691c8bca3fb8ab40c79250923bae860280a42e0f09e8aff2ca54d0fee0d3ae5cbd6b4b09d682d991a59db8fc63e455bfcc1a49332d3b80488f
    • SSDEEP: 196608:U7PqSpLdtGy2MdFzcbI9gM4XMtEM0A3sIFnuI:6qSlGy2gzLgMvtUKN
    • Score: 1/10

  • Target: Adopt me/Parametrs.dll
    • Size: 68KB
    • MD5: 92b4ecb0d175e28d32e84d7c10d5a770
    • SHA1: 183e18767a66f6717493486a42920b22b6b0387e
    • SHA256: 7929fc7a6b6aeccbde7922152b3333c04dc2b27ab91f61fc3e8f282bb1db34bf
    • SHA512: bf36ff70d87c4d0e7f0879732b1f300cff449cf7bbe7ba94bcea14137bd52dfd2535fbfb4f5e03ee5e787ecdb5808baea0ea8f960a7d367b865d0bee43323885
    • SSDEEP: 768:pKwClM3qPqyPq/5FXGX+CU1Y68zvg5CPYifvsFdoKD8JMxRZcEOjN1nhoCS:pK7IqyyPW32hUezE5i+gQotjNboJ
    • Score: 1/10

  • Target: Adopt me/Script.exe
    • Size: 722.0MB
    • MD5: 16e7b0ef894bbbf25921e821c3345494
    • SHA1: 293a85ad01ae13f7312cdebc60074dea5cb16531
    • SHA256: b77e54b53bfbc826658981fb3f200569bd6a16632d00d0ebb00176fa77a985db
    • SHA512: 359f8da700bea3c8274e4dc8d996660882a08e10cabe9d6207c02a42921603c57adfd2b4291da60b3791b499ceb905e0e861ec5986f896d607cdb3ab7a469ee3
    • SSDEEP: 24576:Bp11YGDkjwJsoGlWVwW25mKMc0uyEHcuhkypo9ePXEntalf3:BpfY5UsoGlqe5mKMc06kypSesI
    • Score: 10/10
    • Signatures:
      • DcRat: DarkCrystal (DC) is a .NET RAT active since June 2019 that is capable of loading additional plugins.
      • Process spawned unexpected child process: this typically indicates that the parent process was compromised via an exploit or a macro.
      • DCRat payload: detects the DCRat payload, which is commonly dropped by NSIS installers.
      • Checks computer location settings: looks up the country code configured in the registry, likely used for geofencing.
      • Suspicious use of SetThreadContext

  • Target: Adopt me/config.dll
    • Size: 940KB
    • MD5: 9c861c079dd81762b6c54e37597b7712
    • SHA1: 62cb65a1d79e2c5ada0c7bfc04c18693567c90d0
    • SHA256: ad32240bb1de55c3f5fcac8789f583a17057f9d14914c538c2a7a5ad346b341c
    • SHA512: 3aa770d6fba8590fdcf5d263cb2b3d2fae859e29d31ad482fbfbd700bcd602a013ac2568475999ef9fb06ae666d203d97f42181ec7344cba023a8534fb13acb7
    • SSDEEP: 24576:FkZ+EUPoH5KTcAxt/qvRQdxQxO61kCS9mmWymzVPD:FkMAlM8ixQI5C6wl
    • Score: 3/10

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique                        Count  ID
  Execution             Scheduled Task                   1      T1053
  Persistence           Scheduled Task                   1      T1053
  Privilege Escalation  Scheduled Task                   1      T1053
  Discovery             Query Registry                   2      T1012
  Discovery             System Information Discovery     2      T1082

Tasks