General

  • Target

    mimit.bat

  • Size

    1.6MB

  • Sample

    240622-yjgmqawenr

  • MD5

    aac440cf5d1026e1de84b116ee4ac8ab

  • SHA1

    b0008427aa44cec82ec7cd6d98269dc4be94726b

  • SHA256

    354d89f962576dfcba2bef6d7a28fd37b148154af34e05862c5918957ce50198

  • SHA512

    cc4635414fa41df634e3be72e8dff997f004e02bdb65b765821824d2f60cd94be4431b9a0b651154fd07eda4ab6ae674d807457e1c4751250b9693013d141368

  • SSDEEP

    24576:U2G/nvxW3Ww0t7Q1G8olW0YuxG2pihEm2Aq0qRtUrH2zUdI9+MMt97DhBZoaaKT:UbA307QE96SVXCK8I9+MMLvZjaW

Score
10/10

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
