General

  • Target

    NEAS.507444088fbb59e5e16dc1bb3db1c638582003aad2a46824aea0ce74a73d472cexe.exe

  • Size

    827KB

  • Sample

    231204-tv9qescf6z

  • MD5

    0ac3339350e0daa8432bd27bac74e4e7

  • SHA1

    ba10f531f9197f2432d6042173dc5cefa0ee8500

  • SHA256

    507444088fbb59e5e16dc1bb3db1c638582003aad2a46824aea0ce74a73d472c

  • SHA512

    86b3a1d4f447914286888b4fc84a2a166b6625fc2e88c61b259282dc2a49f8ea11ff0d4727d1b78245a5b30ea08738701cf16000cdb95de7d39b732eb0906e64

  • SSDEEP

    12288:2uSqy+QGEAGlP9suppP3YSMXj6pM9zuryXVqnWRMORNHEWZEVjJe6C:2G3GlP9BXYSMXj6pMbZ9HvZujc

Score
10/10

Malware Config

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE
