General

  • Target

    8afdf3a8d8d1dd5e8268ff1b0a2d5892_JaffaCakes118

  • Size

    2.4MB

  • Sample

    240601-tjnntagb9x

  • MD5

    8afdf3a8d8d1dd5e8268ff1b0a2d5892

  • SHA1

    56c0f4cb77b15bebf37fa9b04056a3f8b1967448

  • SHA256

    cfa4c2dd4f3589460c4f54c80f78e2065be7d5594f2196a04f5dff38c496120a

  • SHA512

    c0e3bcc3c33ff7540887ac42d79a67109d0bdc83ec3188a6ecee0501df3406a28f5263d30428d740dc775feb97363541d73f4fc32ee263f4b760bf6a314ef314

  • SSDEEP

    49152:s6By4HXlc1GQqRFtlry2jFwIKzczbgPeJrixIzirR/1a8e2WWntJsKV2:VXlc1xqRFtd/KzYOIix7rR/w8e2LPs7

Score
10/10

Targets

    • Target

      8afdf3a8d8d1dd5e8268ff1b0a2d5892_JaffaCakes118

    Score
    10/10
    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL
