General

  • Target

    6640a348f8932e6f95c8b06b98ee85fcJaffaCakes118

  • Size

    2.2MB

  • Sample

    240530-f26qfsga5z

  • MD5

    6640a348f8932e6f95c8b06b98ee85fc

  • SHA1

    4803f34b079c8c05212c93c95bf71174d67ef650

  • SHA256

    8340ff20d05d783f4fcbff9f562bc10dac926be9716d0b7d3f1779ca3ac50608

  • SHA512

    14aa32ea5661ef5510190b6bc70fd0b428fc5578fdf8c242bf5755145fb53881e0fc90562fb80f315a82e999bf5444d5668e79f39a20b0ab24e73726653d7933

  • SSDEEP

    49152:s6ByZjSpCrP7PC3Rd3RQkqQMSb9kms0StTj:MfPPCdBsQj3StP

Score
10/10

Targets

    • Target

      6640a348f8932e6f95c8b06b98ee85fcJaffaCakes118

    Score
    10/10
    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL
