General

  • Target

    NEAS.8b63b4a62f39fe51f04bad846500d900.exe

  • Size

    1.6MB

  • Sample

    231118-heedssdd4v

  • MD5

    8b63b4a62f39fe51f04bad846500d900

  • SHA1

    cd57f895dfbdef71daaec73832d686e25c4a9443

  • SHA256

    12d85b878dd9e2e4bf577444948bc0a1db87009f5d51e6e79403d1d8c2b5861d

  • SHA512

    8eb64ea0b612c306eba388c733b2e65ffa93111b6062d2034d4733352be8721c0450f1a130dbcbf9c17510612f2374017a1597ed90a20d5d9dd99d6b4c7c09d5

  • SSDEEP

    24576:dPMYXSRYoY64PXxohpNzb44qv/x8GMpmIB8VDLjyfH4VYiwzcHA8csX1OA:dPCRI+NoHwqRCY2cHAMF

Score
10/10

Targets

    • Target

      NEAS.8b63b4a62f39fe51f04bad846500d900.exe

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE
