General

  • Target

    586551303debdcf610645e79397bba4d.bin

  • Size

    594KB

  • Sample

    240623-cb9gwayfpm

  • MD5

    d8d31019b25f7158863b69a6212ee5e3

  • SHA1

    cf3e2fdc2b9117c1b5c6a0c8a5b09c600a9f2027

  • SHA256

    d1b20b4ecb2d74b150db9e5f50c3345035ad8ac8517f0f27b0bd4fb12aeef730

  • SHA512

    242e12cf3a17699a31052ecf47020e63251dda854de53f3fa09bdbd04780b49b12b4c9f63eb6b26364805bba813015de8f3b666972f8587e2a23cab1024c5161

  • SSDEEP

    12288:2qNNZWg9b1rr1ZJ0U64fKXZlMHafReBFj5lL37T4lFrPPw45WH7I0ENXhu9:PzDb2fxenjf34zrnw45WH7Iy9

Score
10/10

Targets

    • Target

      2d578ea6dc9a22d8b7ef1ed05429560daebb9847de4c4e42d84de61b2cecb8d9.exe

    • Size

      1.1MB

    • MD5

      586551303debdcf610645e79397bba4d

    • SHA1

      3ebc6e5ae076f40c5b65a955549efb20af93db4c

    • SHA256

      2d578ea6dc9a22d8b7ef1ed05429560daebb9847de4c4e42d84de61b2cecb8d9

    • SHA512

      21cab4ac88765f77682f8271d9de126b92fc57e793b702c7ae8d5aefefdfb245c2ad1b9880635ebdfc857ed6739fa9582a4380f7c95545aa8261526e812072a7

    • SSDEEP

      24576:U2G/nvxW3Ww0tfSxBXpxsfdnRegCieaho8AAe:UbA30f8xsVnRegCXQfO

    Score
    10/10
    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
