Resubmissions

04/12/2023, 06:08

231204-gv1fjahd38 10

02/12/2023, 09:25

231202-ldq8rabd35 10

General

  • Target

    2882b29fc8c4bc157b8416a4a621084557639de0dd7a86dcf0dda2e35b900517.exe

  • Size

    1.1MB

  • Sample

    231204-gv1fjahd38

  • MD5

    71ea6268f9069ce113824b4ad34384ff

  • SHA1

    c6faa871c7434ff60583de306b6947ef7feadc06

  • SHA256

    2882b29fc8c4bc157b8416a4a621084557639de0dd7a86dcf0dda2e35b900517

  • SHA512

    e4fe605eb621eb8ae9710d6d1d7cf802e8c66c384c731cdcee50e8c19dbb22a0d23338d368bb89b908f50831cc12d5cc9e541b8e2887b2f505863afa2bce6241

  • SSDEEP

    24576:U2G/nvxW3Ww0tACSUGFzLmBqSQ25wE2yrnj4FA5:UbA30ACSxiBqSQYyw

Score
10/10

Targets

    Score
    10/10
    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL
