General

  • Target

    chainbrowserSession - Copie.exe

  • Size

    827KB

  • Sample

    240514-3ptlpaec6w

  • MD5

    dcd1dbdf7c8bfb9263e5dda02b1bfa79

  • SHA1

    0912a5fa7ac74c5e49d72a8a4d6957b063b1d31b

  • SHA256

    3fe6c89a0fdadaf3172be13af4fad92f5f3e08c3bde723c8b6957ac68a3503ae

  • SHA512

    d368e5f91365af67e46514425e13323f0ad2181d5fc1e790b2b5d17e9cf8c91f46bdf582550517f703b8232f6bd59598b37a41cd637f2d9c192317e8f0134ccc

  • SSDEEP

    12288:aAavWfeLpHbw89c1R66n20OHjNJWZtWDqEneSfIY9DyQpPt:RavZpHbw1R6PlTGqqERfFDyel

Score
10/10

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE
