General

  • Target

    d675f72b0bc010f74a28dfb3401dd69dbae5d21a55624a827fa70d1041367d13.exe

  • Size

    1.1MB

  • Sample

    240618-xv8d5sygjn

  • MD5

    23a1767d4e77693bd46f3abfcf10e4d7

  • SHA1

    1be797ac1e5180f8bb51b359b7c8dc88daf2732e

  • SHA256

    d675f72b0bc010f74a28dfb3401dd69dbae5d21a55624a827fa70d1041367d13

  • SHA512

    c5cc36fde16459b113165f0269f72bdbe92fcb2695399569e504d6c70f5bc8037b0f7e0cc5d9bb8b1159ead680e2519e7f9081e45d4bc4e92f4508e13d41601d

  • SSDEEP

    24576:U2G/nvxW3Ww0tpQfgeUO7llNndNogBuHtz4s:UbA30pQZ7tdmh

Score
10/10

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
