General

  • Target

    10643700066.zip

  • Size

    17.5MB

  • Sample

    230607-epkf1shd4s

  • MD5

    57b6b5144a3fd68aeb07a583f7c96a62

  • SHA1

    14c9bfebe3938151056e39a6ec7a9205e9679736

  • SHA256

    37b1874b580fc0c5896b06bd5ae855d66d15ab2be63408c0bda9dbd9441c0b13

  • SHA512

    4e0b6353acb98db2183f1d25c331eb0d1524cbe3753b5415059cf8aee6c69c25dd79c6f4e02c29180cce91176b24430d427acb8fb92da8cebfe2e57f19bda6c4

  • SSDEEP

    393216:KYR1fCQTdf/oQrI8zpu9GUnIGfIM0l87f8X3Nwt:KYTC8df/FU8luHXfIMMT3ut

Score
10/10

Malware Config

Targets

    • Target

      AllergiesList/Allergies List and Allowed Substances.numb05151.pdf.scr

    • Size

      920.3MB

    • MD5

      491c5ac82977262ef24bd22ad312c622

    • SHA1

      1f0555370f07e94182059701f63e940429757157

    • SHA256

      ea770032c44e773b9c9865d4ff3bfb10f76b003ace1bbfbe45755ffff227e5fe

    • SHA512

      a9974fe623a979e12d8493200f36aa4aab5763ea97ed4d5924fb1f579038d686bb10d789d576343ce4ca4c8a4657ed9404b7ffb52f701f6f880eb75e766f6734

    • SSDEEP

      393216:rc8yiMPNWZV4nXF12elEA7YKsHES/Sl50l:rcOMPNWTM2elpBtSwW

    Score
    10/10
    • DcRat

      DarkCrystal (DC) is a .NET RAT, active since June 2019, that is capable of loading additional plugins.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry (1) T1012

  • System Information Discovery (1) T1082

Tasks