General

  • Target

    NEAS.ddf33cfed683c502528eeb1278bb1af2d4345c23f7ebe312183555e50a20097aexe.exe

  • Size

    943KB

  • Sample

    231204-te3beacc8v

  • MD5

    7462c47aff3c0ede1f4671532758d7f8

  • SHA1

    ccc2f8c33b83a520640d2921cd2247edcbefb020

  • SHA256

    ddf33cfed683c502528eeb1278bb1af2d4345c23f7ebe312183555e50a20097a

  • SHA512

    92e49c1b969f6470f256203f94eb1e434c5084cdebbfb85686173f00c729831a2477a7fbfd03166d5cfbe3044fc5552f9a3d9bbee33896fe88edf9b6f2642694

  • SSDEEP

    24576:xW6VXRh//zyEKJYztxsoukhTSeiOSn40hm/GCHBn:k6pyDStBSKS+uCHBn

Score
10/10

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL
