General

  • Target

    19oa2h6ibyxkuece.exe

  • Size

    1.4MB

  • Sample

    240513-x91b3sbg85

  • MD5

    2117cf8f045e569e65a6acd57d4a349f

  • SHA1

    22c2bad783d7a33a655f386c1fffaa23a08319cc

  • SHA256

    96e667b3511fd706f966946c64f7764b26f26c93b5297b36d8a6961921fb6eaa

  • SHA512

    51326e4ef772bb809796935d06800ca6e823a4f1b6db21d80316e125c8ba77b3378b4fe50bf8e47c3eac8451d2876e37696b2c1ba6249525971ffba5d9c12c45

  • SSDEEP

    24576:T2G/nvxW3WHfmfz5BLKfaoyIOFxZBMrQ7x1WzDfLURIb3jyAm7OcbFY49:TbA3Wm7gXWxX37xuhXDwOc

Targets

    Score
    10/10
    • DcRat

      DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.
