General

  • Target

    NEAS.f83148f181f138db59182790125e3550.exe

  • Size

    1.1MB

  • Sample

    231118-btevjshf3z

  • MD5

    f83148f181f138db59182790125e3550

  • SHA1

    59af834bd5049062d03068977b90fdd60ab75516

  • SHA256

    8cfaca4031f29d40bd683e3cbaacf02b046005295aa6c30d3d832de486fc6f09

  • SHA512

    fd80d6fb61eb34c7d4236ae44f96830c5f9eae72f477a7a9adce2b9eda5b2c0b9b6d9427e38e34f900395008b256a97fab2eb4d899dc395a7a59301d4e20e58f

  • SSDEEP

    24576:aADdteLS1VO6wLVqq0aJSw69voIN7y7Di0:8E86MVX/SwHmf

Score
10/10

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE
