General

  • Target

    b972668f_f32bfcf53e2f11c5651fe5d4124d9dce1cb071fa7e5fc0b20fa6885a8de34af7.zip

  • Size

    1.7MB

  • Sample

    230530-lw7y8agh24

  • MD5

    b972668f42329e2fbb57db0277cc1a02

  • SHA1

    c18eb39a5eb6759cf4ca054a04f55fc152d25f99

  • SHA256

    f32bfcf53e2f11c5651fe5d4124d9dce1cb071fa7e5fc0b20fa6885a8de34af7

  • SHA512

    9aabfd645edbcb5fd8e4d09dd77f5f432883ca87d919b8a6fd9ad5be9162b975a05748d922cad345279971af8692a46a04a77b11706563fa6a2f5ce49e9c22ae

  • SSDEEP

    49152:7fU7zJ7PlrfGNktUJCQENiYcWmQlxib2SLlbHOgiDUXfE:7M7zfrfGNktUJWNiYczQlOLsJDUXfE

Malware Config

Targets

    • Target

      Roblox Game Manager/Roblox Game Manager.exe

    • Size

      1.2MB

    • MD5

      0c5490df9bc38516e0caf3671cfe53b3

    • SHA1

      6ed899171d1d5e3badea986eff1d8fbe39191511

    • SHA256

      368f78866f6d64f9f03a7caf900fad3e21a7d2c84dbe34d6ae1dc5f8264e4077

    • SHA512

      6e46bea29c4586730b8265d59d1e86aa963bedafc5f92dc42564d61a0d3fb0da7ab1cdaaf6d40a5ed2bdb976f4164da9e83054ffe6b499f10bf2c5b79d2394b9

    • SSDEEP

      24576:U2hXPc/uRkQW40y/v7ySTtA17c09ngjl8ShwTwtZiNpoRNm9VMgP4Tue61bi:bcbh3AqNxShwT1xTi

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, that is capable of loading additional plugins.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Drops file in Drivers directory

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    • Target

      Roblox Game Manager/x64/dimitryGobbedNouveau/gothishDulledTrilit/moothJuha.xml

    • Size

      22KB

    • MD5

      96a2f9b4bf01b9b91a10b9414241c2c6

    • SHA1

      c1910d4988af5b392d852974d769abba977f52e5

    • SHA256

      6c61f8ec4d791e76e1534445521e5108ca26f645906ae9ba75fdf70b536c3459

    • SHA512

      46342491c8d29bb5f0c505c928460b382b721000c1038a5f46a6d8dfef67685a3fcb2ea2e3d424614ce29a1711cdfd1b6d9110926207c1f22150e0b3c71612d3

    • SSDEEP

      384:7xgALATjR5AGXGyAEQABwxY5nLjPvK4gs2LdN7zOm8Xr0Y1YzVi:tgHjwxovNI1qTIVi

    • Score

      1/10

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1

  • Defense Evasion

    Modify Registry (T1112): 2

  • Command and Control

    Web Service (T1102): 1

Tasks