General

  • Target

    1df736e9fe6bdbfc6d249f9116815413.exe

  • Size

    2.3MB

  • Sample

    240512-dlqyysge85

  • MD5

    1df736e9fe6bdbfc6d249f9116815413

  • SHA1

    a7bb25820251be8f27ef460dc811a4a345f87898

  • SHA256

    93052bbf65ee2790cbee9f7bd67f27a5501818747793caf86a2d0a7f1b0768ed

  • SHA512

    1032257a4498736d901763758aa029cb9f9c111361db076af6eb8d45766dbedc4defc53f564bc759ade145653e2f96f4acb9a7a87d5ff966ce7fec09aa55244a

  • SSDEEP

    49152:+Y2Y6vPgdyNHz1Gls+QCFLF6g8zzxqHFWAN57:+Y/6vmyJz1P+rHD4xoFW257

Targets

    • DcRat

      DarkCrystal (DC) is a .NET RAT, active since June 2019, capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.
