General

  • Target

    4021df69fad7e54ef1154a5322b1eece.exe

  • Size

    2.2MB

  • Sample

    240623-fdy1pszgnh

  • MD5

    4021df69fad7e54ef1154a5322b1eece

  • SHA1

    ece1a3140a5a394c4a57f110609b9d494e6f59f5

  • SHA256

    3bf9e41b570eeb923ed1f44e1fffa81fbd3dfe9f0324c594327d2d271af8cc6f

  • SHA512

    0e0a18d8b319f2ff1de023ef8f43d905bbb47e08515ce91a02a868c5ed948fb02ee62576967512582c67da5593618526be8ae272a6e9b3fc4c664d40bd51e9d4

  • SSDEEP

    49152:HHoNElLsaAB3Olt0BSXYAnjE5fqpCUdwUencN:HHjlLsxeAIj5pCwe

Score
10/10

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE
