General

  • Target

    3d71f1e177234c396f2a5d7d852a2376.bin

  • Size

    909KB

  • Sample

    240517-b37lxsbd5y

  • MD5

    7d7e2fa7cf58c33faf8e27167d59cbba

  • SHA1

    dcfe3c17f5fdb0c2233ab5cf71f5ba7f73436b1e

  • SHA256

    cf56915bbabca1ab11ae4cc7f946594e79aba3e4a79e89eb600c60bc19e4b357

  • SHA512

    597615f0f61eade37e245d3e04e89594620997e3b5a80ddd6fe9140b1f861c6dcb68078c5bf31133461bad9b18f8a897864ce81c06ba9fe5cb871358985a0477

  • SSDEEP

    24576:zxpTGlKQGgbzzRkM65iWTVZSNwjHbdQzf18bKu0gbwYmeW:zxpKl7RknrxsyjHbdQz18bKu0qwYmeW

Score
10/10

Targets

    • Target

      c0db54d6ec9c0e2310d4c8bfd1739f079a0fd85adcf088ff8876f54485a61f2c.exe

    • Size

      1.4MB

    • MD5

      3d71f1e177234c396f2a5d7d852a2376

    • SHA1

      fe960120b965c91a3021fbea60e1b2c77ec78b63

    • SHA256

      c0db54d6ec9c0e2310d4c8bfd1739f079a0fd85adcf088ff8876f54485a61f2c

    • SHA512

      e2bc7e6027b32088580ab4e2a074d23c8be77ef5992f502fadb0875316a2b2f79bd9d1668568d99867715d5e60ee2fa236c903ba668cfd868142e3d18bbda82c

    • SSDEEP

      24576:U2G/nvxW3Ww0tHzmBv0vDGt3r6+yWJmgHgwSRADpDial:UbA30HzFGnJ2wS+1ic

    Score
    10/10
    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
