General

  • Target

    87aabada24265836ba604a2b3e8f37a0384ae01cae3554e2bbb0688200e27d01.exe

  • Size

    828KB

  • Sample

    240601-bmvmesdc34

  • MD5

    49b61d151699e4fa7e5530b05455450e

  • SHA1

    6c292332561fdbd00163b45bdf8f3eee737fadee

  • SHA256

    87aabada24265836ba604a2b3e8f37a0384ae01cae3554e2bbb0688200e27d01

  • SHA512

    19ac471f2ff96c09030fd453008cc9744259280af43e87a01329b3378a263ad49ead6c0f4ca14a4223623f7fda116cea8f1f10fdac4cff100c037891059860bd

  • SSDEEP

    12288:ql20oWgRNeR1k5u5cKO6bnfk2jyFdXYygXQARV/pJ:qlqR8R1l5cKvbdjyFdYytg/pJ

Score
10/10

Malware Config

Targets

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE
