General

  • Target

    cd00aad859a5174809f84f655e21fbada58ec399ed8bc01d3c3470199ea67620.exe

  • Size

    1.1MB

  • Sample

    240623-brgalaxgkr

  • MD5

    055836239bcebdec13b95d88d3a077ac

  • SHA1

    95d6f49abc2690f319ec5ed897f3a58debd06cd3

  • SHA256

    cd00aad859a5174809f84f655e21fbada58ec399ed8bc01d3c3470199ea67620

  • SHA512

    f09a9114bd0792b6cb1d141d1d0a6a3fb211ebd25e9e546d25f054f6076d29c7436763177895b2cd2240c431bcf3892be390c6422ff580cba56a02c0d60945a9

  • SSDEEP

    24576:U2G/nvxW3Ww0tHHmRNXCENUiR5SJWNRg16lY:UbA30HHmRhNDTNev

Score
10/10

Malware Config

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL
