General

  • Target

    ab9ef2978e455e876ee9bec3807a9ae6.exe

  • Size

    2.3MB

  • Sample

    230703-c7xsysff5y

  • MD5

    ab9ef2978e455e876ee9bec3807a9ae6

  • SHA1

    830027727cbc9b2747571d607da399e90443d578

  • SHA256

    c8da211ca281d957b12a406335603a4710803015a58710b1a36ca64605f8cd00

  • SHA512

    29951722226683b7ad0cb97f815be2d69350317a5351234a4378f27a62d82b7b9696f2d2bbca2e5691401c57d6a209b6e12501a4a33e0185e7f92a65f9e8fa11

  • SSDEEP

    49152:sXAW1ip79/v9b6b5t15E2t7h2ZAclve1yuRF45J1:sV0ph/vJ6D12OyjuX

Score
10/10

Targets

    • Target

      ab9ef2978e455e876ee9bec3807a9ae6.exe

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE
