General

  • Target

    2a9911b83ab4ec159ae9a832daf85d90ce87f67630ebac6edcf3d027f333e784.exe

  • Size

    6.4MB

  • Sample

    240618-tcgxpavapr

  • MD5

    3ca68b395e2d0e4f88d7b99475c51c02

  • SHA1

    87ed68df60b2ef39407a3ba61c7413df5523dcfb

  • SHA256

    2a9911b83ab4ec159ae9a832daf85d90ce87f67630ebac6edcf3d027f333e784

  • SHA512

    4b74c524a1a5b63008a0fc4d26e5748776a63a6cc241f6b9feb0e381a4360b6062cefd6665219228944313566414895ed80f33af2d95e9ab7b091bae71549bd0

  • SSDEEP

    196608:ZC8xheAvb1etrb1HElXwGsjqGPIsUGIUN7QQ:Z+SeBbmlAbjrAQs

Score
10/10

Targets

    • Target

      2a9911b83ab4ec159ae9a832daf85d90ce87f67630ebac6edcf3d027f333e784.exe

    Score
    10/10
    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL
