General

  • Target

    a1055620142988c87ddaa814a673a192.exe

  • Size

    632KB

  • Sample

    231204-jze2hahh56

  • MD5

    a1055620142988c87ddaa814a673a192

  • SHA1

    067d98bf06b557bc12923b0fd5e46fa5a868a105

  • SHA256

    1b76c862491ee6fa0be99ac8b47bbdcbe7556ea9b7e9f94321e92954581ca786

  • SHA512

    b9bae74e5a6bdbd2cfbbdb02fcbdd226aaa16a7f334b3af4381d4587fd8807849d929cf28186e7eec213aa5896f586f997ec2879a40a83c828cb0544c0be8304

  • SSDEEP

    12288:oRZ+IoG/n9IQxW3OBse03NQbow2N7gepSioYuZyZSdxYZp:y2G/nvxW3We9qow2xkxZBxY3

Score
10/10

Targets

    • Target

      a1055620142988c87ddaa814a673a192.exe

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
