General

  • Target

    Soundpad.exe

  • Size

    5.9MB

  • Sample

    240512-tezwaadc8z

  • MD5

    7dd40bf42c6289ab07faa6a4ac87c4f5

  • SHA1

    154f32614944496929092c39f80fd0519d39442b

  • SHA256

    c840a6d224bd037646c173767fe63743985c7a932c177a841b1481c32252d3a0

  • SHA512

    c0e3e7dc4f3efcf6fcd4959a01e81a2adfcb2e957474877a60c2de9146d1028eaa363a8e86a3ba2635c868b271669341336dabaac786572a0432b98f70cfa1cb

  • SSDEEP

    98304:ykLOg+x1I1i76GsYDXH38ahxs484rHxeW5a5zFBEQATmsJSZm25AAYSV1q7GAu+0:dON2x4bXJhygRevVfATms4lWVSIt5o9n

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.