General

  • Target

    00c11ab6fa421c4e69915b1d5db441df33cfcc7c61128bb81029816fd0aa222e.exe

  • Size

    829KB

  • Sample

    240531-bctmdagh4s

  • MD5

    28b77e68b269756ba427c8d30deef9de

  • SHA1

    815371ee33e46a6b1a1257b6e01bbaf46ce8d0f5

  • SHA256

    00c11ab6fa421c4e69915b1d5db441df33cfcc7c61128bb81029816fd0aa222e

  • SHA512

    23488adba74b5c22bca70c2b307020b00696eafc37041bd4a578227d2d4ac6c5ac5f1b107159ea9a15ff08fb865409e06164649a1a2b584fb5bc0b8186b73554

  • SSDEEP

    24576:REKNonGb2iV7XQyzP9miug5/JXqY/0u0DT:REK+nC7dmzg5Mu0

Score
10/10

Malware Config

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks