General

  • Target

    RevisionFX Twixtor Pro 7.0.2.exe

  • Size

    616.1MB

  • Sample

    231120-x5awmaaa32

  • MD5

    d998c163a5b61a53e85ba6d152168a5c

  • SHA1

    086b7745a5a9cdf4f0b63699559fbc8d22f64186

  • SHA256

    6a5c4383a7b6393a180cf3e73e02cd98a81a7b5777de98a07caae4b691f7ac3c

  • SHA512

    6340a8f1b9ebee1bd1a19b209ff38a4c8fc35ebb173ea51c8cbdfdda6b29f0c8619d9628ee97efa429182a97e6beca849e6786db3798efe4173d095f1b679276

  • SSDEEP

    786432:mpxj69KQ8MNHdekvV7Kjxo4p1ScTBDy1RKyso5c1tPh/efqxlKfLTaJPlRUVfA:mpxIKZMNHdnxK6g9TBDUn/M2a4TaXb

Score
10/10

Malware Config

Targets

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks