General

  • Target

    c0db54d6ec9c0e2310d4c8bfd1739f079a0fd85adcf088ff8876f54485a61f2c.exe

  • Size

    1.4MB

  • Sample

    240516-b6ys7aeh4w

  • MD5

    3d71f1e177234c396f2a5d7d852a2376

  • SHA1

    fe960120b965c91a3021fbea60e1b2c77ec78b63

  • SHA256

    c0db54d6ec9c0e2310d4c8bfd1739f079a0fd85adcf088ff8876f54485a61f2c

  • SHA512

    e2bc7e6027b32088580ab4e2a074d23c8be77ef5992f502fadb0875316a2b2f79bd9d1668568d99867715d5e60ee2fa236c903ba668cfd868142e3d18bbda82c

  • SSDEEP

    24576:U2G/nvxW3Ww0tHzmBv0vDGt3r6+yWJmgHgwSRADpDial:UbA30HzFGnJ2wS+1ic

Score
10/10

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL
