General

  • Target

    534a9bfaa8222622d1a5f3513c9a6aa4ed11f0a9b49b485b11b7c50dae305984.exe

  • Size

    1.1MB

  • Sample

    240623-1jymcataqh

  • MD5

    23c411b08f12615f0eefa09ebd27d822

  • SHA1

    f75268920f044c1af852400793f3d02cbee3f449

  • SHA256

    534a9bfaa8222622d1a5f3513c9a6aa4ed11f0a9b49b485b11b7c50dae305984

  • SHA512

    7831c70eea953dcd6ad0276e19a5dbd32a7a048475aaa0e3fa3a4418bc4738a86f8a5c224955b121f9bf877fbea03b07651e66ee1097b01ca39ac94ead15e552

  • SSDEEP

    24576:U2G/nvxW3Ww0tBgzUWK2vml/ZmShJkcQxqQQ:UbA30BgzUxGSmA

Score
10/10

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Drops file in System32 directory
