General

  • Target

    3DD0A5685E10EF6D63758CAFEE7C651F8AE80A4766415.exe

  • Size

    2.0MB

  • Sample

    231118-ad25gafg92

  • MD5

    9b57b45ad1b718ed5e83fb62a8b726c3

  • SHA1

    25e29ba21022424a4d74f2d184238f288a788f32

  • SHA256

    3dd0a5685e10ef6d63758cafee7c651f8ae80a47664158976ace7b80c825a032

  • SHA512

    f9b439d71536513bd8a190774cd4c3c6a5729ecf54f5f70e7abbbffde54485188998c3537b5955f98dac4a390742bfddf2b4ef6f257729e46565bcf862de3209

  • SSDEEP

    24576:JB432G/nvxW3Ww0tLXA/ZohBQTRtWpekBST0Z3jJWOyFFgU91cD0knE4BTi:QbA30DDhBQNxkk0pljyF2U911qi

Score
10/10

Malware Config

Targets

    • Target

      3DD0A5685E10EF6D63758CAFEE7C651F8AE80A4766415.exe

    • Size

      2.0MB

    • MD5

      9b57b45ad1b718ed5e83fb62a8b726c3

    • SHA1

      25e29ba21022424a4d74f2d184238f288a788f32

    • SHA256

      3dd0a5685e10ef6d63758cafee7c651f8ae80a47664158976ace7b80c825a032

    • SHA512

      f9b439d71536513bd8a190774cd4c3c6a5729ecf54f5f70e7abbbffde54485188998c3537b5955f98dac4a390742bfddf2b4ef6f257729e46565bcf862de3209

    • SSDEEP

      24576:JB432G/nvxW3Ww0tLXA/ZohBQTRtWpekBST0Z3jJWOyFFgU91cD0knE4BTi:QbA30DDhBQNxkk0pljyF2U911qi

    Score
    10/10
    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks