General

  • Target

    ffad890a75902443f6c93f5e59a2f34568050d7837a0395ac277cecb0eee9566.zip

  • Size

    415KB

  • Sample

    231119-3vq3radf5t

  • MD5

    92411ecc81320207c1faa0a7b535d394

  • SHA1

    6c36d7cb00b1cedcfdcd4888796c645b6d4332fe

  • SHA256

    a83f3991aac6949237089535774eb590eb6644051353a07ec5b28d540b0ff80c

  • SHA512

    08267c0d9bf2df0e3f6a9cf5d3ba220468fc242f65bd8a738af47d8b9990f6f7aead93d8ec3c665e61480405ca5e255812535756a62ce27ba6e73ea671309d0e

  • SSDEEP

    6144:rMZQDFARk30coFJoRas0DeGEjT5bYSrS/o1Lx+zwlKnmGpI0Qe/ECUVeaCXsc+Ru:fJoFttD2bYg44LAn5MLqci

Score
10/10

Targets

    • Target

      ffad890a75902443f6c93f5e59a2f34568050d7837a0395ac277cecb0eee9566.exe

    • Size

      827KB

    • MD5

      046d982708c20bd6d72dbf52bbae5f7b

    • SHA1

      10e7d61dd00262a56f205772490ca4eff82526e0

    • SHA256

      ffad890a75902443f6c93f5e59a2f34568050d7837a0395ac277cecb0eee9566

    • SHA512

      424682e75ce9d19495d36c45092566a0913e253e4043210f7cc9fabcc268d985ca09f51bffc03d7ebb389383e511d4149b9d9374898ac40a98aded0d0866ac96

    • SSDEEP

      12288:KEhjU+RTDLTvuT5F4hhd6vWL1E2EXLCFbhdXtk/2E:KsU+RjTvuT5F4hhc21EPLEhddk/P

    Score
    10/10
    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.