General

  • Target

    apex_rewrite.exe

  • Size

    3.4MB

  • Sample

    240602-nhfc6abd8t

  • MD5

    bb662e9c860cbf0136f78e508ea7d458

  • SHA1

    13dacd7e2a7c543340f7562a4834ceb4c706bb27

  • SHA256

    62d07315b02f3e551503d0de3c8c83a2144ef2d19917482bc8ac8162186ba3b6

  • SHA512

    2b370b37e8db1ed7216ba416757aaa81e75e516ab57d1fe490d386bf8b8755fcedc9e53f4b3580f95f038aecc2d5e6f649f32013287fc151c8021730971eb617

  • SSDEEP

    49152:3H5RHq31cvDU+pUdnPMUc7QLLc4/m9dZfcEdMHKmEK0a+ym3C094CMba2xbSZhNX:JfQ+pUdjLLLcLDfc2MqLa+L952mhIB8

Score
10/10

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE
