General

  • Target

    07fa9ac4502b2a0ba83036450abbe28d6656c8941abf5180e81650550aa50a4e.zip

  • Size

    595KB

  • Sample

    231119-3vpjxsdf4w

  • MD5

    c48d36403bfb7e3500f040d8c6bdcf39

  • SHA1

    c4146d70f0a9cdb6985389a4b6172b0d794f9731

  • SHA256

    2fb98416c66e1e2965791384acd49860a00e2b29f16f88bfe01a23d3f3ccb0dc

  • SHA512

    f3575a3bd6d4dd68bb12e73401deba63359b366f594732ffbe3578f3f21ef5c136baca4bf3bc9e0b746ad2504ebdebcebbe153e8f7a78fe6385825cfb46eaf54

  • SSDEEP

    12288:OuYnohzNo7n3zW3U08zpEvv9E8YglkakZsJaI/KWE9xofMxEyRbKPuRmbZ4YkRWI:Op427IX8dEtd7g4aImwMxEAbKPuR8KYW

Score
10/10

Malware Config

Targets

    • Target

      07fa9ac4502b2a0ba83036450abbe28d6656c8941abf5180e81650550aa50a4e.exe

    • Size

      1.1MB

    • MD5

      1a030d2d68a966877a377cf8c888115c

    • SHA1

      b0d0fe9953ca03954fe6951d3fda35b08a045359

    • SHA256

      07fa9ac4502b2a0ba83036450abbe28d6656c8941abf5180e81650550aa50a4e

    • SHA512

      9b8d1336c207f5a6b34aecd1389405012ba33abc842a32d4de40a359abfe3314224e4154221bbeffaeb18987821dc150fc9010fb9b64b39b173546d47193da1e

    • SSDEEP

      24576:U2G/nvxW3Ww0tKUVvRF5tWgTkvP0fA7HD56:UbA30KUVv+gwvsfA0

    Score
    10/10
    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v15

Tasks