General

  • Target

    suspended_launcher.rar

  • Size

    2.7MB

  • Sample

    240711-rbvq2syhmq

  • MD5

    6603c884d2b15fffa788d7ef45ccfb6f

  • SHA1

    30568b6337efd05477df0c86ffc0d5e88bab83b7

  • SHA256

    3ce2d0743da8ebdc90f68933fdc80198ea3539f6fb070ef022ce8458ae2b5e42

  • SHA512

    c841466d81d826a1fe6144c2229764a18085ca8840ee4c158df709cf0679b6db2d57bd148373edfa13216b418c789d65d79ab5bf2759185294fa55f8124d2abe

  • SSDEEP

    49152:kvOJ7SYUWDD24rEizJ99qYXPu5MZmTJKBO2wC/G0UsH5L8KP54QqZ:D2YUQ24wiNPqYXW5NYLPG0BZHK1Z

Malware Config

Targets

    • Target

      suspended_launcher.rar

    • Size

      2.7MB

    • MD5

      6603c884d2b15fffa788d7ef45ccfb6f

    • SHA1

      30568b6337efd05477df0c86ffc0d5e88bab83b7

    • SHA256

      3ce2d0743da8ebdc90f68933fdc80198ea3539f6fb070ef022ce8458ae2b5e42

    • SHA512

      c841466d81d826a1fe6144c2229764a18085ca8840ee4c158df709cf0679b6db2d57bd148373edfa13216b418c789d65d79ab5bf2759185294fa55f8124d2abe

    • SSDEEP

      49152:kvOJ7SYUWDD24rEizJ99qYXPu5MZmTJKBO2wC/G0UsH5L8KP54QqZ:D2YUQ24wiNPqYXW5NYLPG0BZHK1Z

    Score
    3/10
    • Target

      FontAwesome.Sharp.dll

    • Size

      744KB

    • MD5

      8e1d06bb6fd86a5c7bcfc1e46d14051e

    • SHA1

      54ccab10966033b2a9814495f8d04c90c44dcceb

    • SHA256

      d80d15153dfa5a900cbd6183a831fe901f1072264a5b65076c364562c213c6b3

    • SHA512

      f296b223beeead0520ca912af6b81a772bf4012ddd519842d604c092e0284fbb6adaf8fddb4d4e5fe06cf55c5e9326fa4782acf28c646279cc1a7378786f9fa8

    • SSDEEP

      12288:q2gAGq62BdaqtL4MD0BK/dpyDkXcx0cmUYwxMH8:nhBdaqtL4wr8kX8EoM

    Score
    1/10
    • Target

      FontAwesome5.Net.dll

    • Size

      1.1MB

    • MD5

      31ed6ec00cc1fdc013867eece84bec47

    • SHA1

      6b60566f4891c7b8b2d2d3e278e9e0abae10d0dd

    • SHA256

      fd4d8ee0fe47c19a5388b80b758b427cf1a05ec3a7290fe8a0203b1d7033911a

    • SHA512

      7d658a6fffe56a08e20114f7e46e59032550c1f204d9e59a17a595e1313aae9be0131a5314972b018ca15b8f3efe8e80e8e4d105a999c3bbe9fb88e57e7fbed1

    • SSDEEP

      12288:/itiH4G3rImrnhWki0vMkET5tuI6jR031JFsUDJCnwLuWMGAEJi+eQn0Jj8yKq8m:atiHdb9rmvRldneYu78Sl8XI

    Score
    1/10
    • Target

      FontAwesome5.dll

    • Size

      2.3MB

    • MD5

      2703e58ad679d4af8f7750f0f86f21b3

    • SHA1

      15dd42f9361d7c61b246b9fff4b547362d1fec3c

    • SHA256

      288faeae1f76e37bc4ecf3cf0227754e9e10172c9cece36385049b58cc94fc12

    • SHA512

      a6203a0c9cf0b00fc2c42daf9066a8cc1d4e9b4bc43d5b949981fb96bc212c6654e18168feee664ce3e5c41e78b76f9fc8ddd62311a3050388fa3fcca043d7e0

    • SSDEEP

      24576:YmPFR6o/lASpYj6P/Mzk6A/MBn/MBY63Piu64/MX/MbIt6NlBda/b7wm1FE//Z8Q:YSY

    Score
    1/10
    • Target

      Guna.UI2.dll

    • Size

      2.1MB

    • MD5

      b429ae86c5be521bc8ca3b164cec3acb

    • SHA1

      387560073ff5a1f2191abc6f75fc34532bbb6dd2

    • SHA256

      3ac70532408b89159bfe235d4ed228faa03ae3fbd63ec6a82d895f287a3b0579

    • SHA512

      eae65de53da50708983ed8ebf9e1e3dd5f9aea95a354d272e199bb59517f62bfe35f0df7a37d81ab0423d0d6d29304fa70284c731bd54023e446b2c19bacafb1

    • SSDEEP

      24576:DgWuftU4WrNOA6sM6kXxMfNmnjk/c5NrH0UUoo2QkJXVSItH5ppoO0KzJ6nFwHQL:DA+NOpXm1mnj0cP+DkhMAiawnFV

    Score
    1/10
    • Target

      MahApps.Metro.IconPacks.Core.dll

    • Size

      19KB

    • MD5

      f53bdeff3bf3261d76f67590f75978d5

    • SHA1

      32d9598e205658bf0f54b9a0ac14801740ba8f9b

    • SHA256

      50ff62f374c37911e2c8d61f9adcdb19f566335359c2a3d215b05c08c4dbe30b

    • SHA512

      aeea279600fa23843a684903a8bfea055900b0352917c64b43ae35a839a7197adcb1b9c37ba86049985c634ef2bbaf70b72c66c7ff0ddb8affc9ca6238406ec8

    • SSDEEP

      384:n7bCWqx4TzySmxVu0siRnKQnu5YGzPj8tFq3qs6js62sXu4qPsTTljzmwROo7QD6:nHCWtsxVuPiRn3uy6kFyUjsQXkKVSD6

    Score
    1/10
    • Target

      MahApps.Metro.IconPacks.FontAwesome.dll

    • Size

      2.3MB

    • MD5

      585743c9cf382de33abc16fc5f492af1

    • SHA1

      a9d803ef6102dcb1f84a15bc181e68aa25d2b045

    • SHA256

      d6cb82fa1326d55dd1aeab8d9eeafd6481c8b8f52de4d443c04ad66c5e973d27

    • SHA512

      2ec853ac47ed7be1df0c0cce964745e98e0eeabe42bace5ab904ab52166be536097933202f1e3ab587b685be18230ba76aa3aa722d4a69b0d9a31368bfec9645

    • SSDEEP

      24576:cS4ojPJMaMIU11zYHfa//KM6sA/lUPKHMhY+4Pv6P/Mzk6A/MBn/MBY6k94PEeBU:c3ojPJM7

    Score
    1/10
    • Target

      Suspended Launcher.deps.json

    • Size

      4KB

    • MD5

      af8f5ac71483f9ccf6360b2896cca77a

    • SHA1

      84c80899ca6e3bb3e6718673fba744780fcc96ee

    • SHA256

      f18da313374eabadc4d11045b558ce8f53eda0b5f22f8805690d06a00da90e38

    • SHA512

      81e21ecdb3ea6d7ecd1def0cd0f2a51aaff19e6b54bf991d3ae32fd61231b98e07b456bc0854bda18081956e08fe6f061aafa0e575df6ca9ab9baf877025eec7

    • SSDEEP

      96:C0XXtwNdfQrJTwTzLuMjsO6wNjMw7rJ95/aEi+:C0XXtwTfQrJ0T2ysO6wuw7rT9i+

    Score
    3/10
    • Target

      Suspended Launcher.dll

    • Size

      40KB

    • MD5

      6b0ec1a255360ca5578e69b7b2fd133c

    • SHA1

      0b9b3de58804927e8675c0de1ebdab9fca6229e1

    • SHA256

      6cbf8fbfc90fbcd25acfef498c6fa6b7415c07a654430e1d25139b0cd72de89d

    • SHA512

      5c8c992a543342f85cc0272c0c18ad9f6ccf28abf42390bdbaefa9b1bebd94980013a37a8e61513f0dcf819d5c1329cdd79f10ecda6414b3f175b2378f182d5d

    • SSDEEP

      768:IrFHgVHnGz1NF79xntOdoxj8fPhmB5bv2Jef7:vHGz139xntKosm/bf7

    Score
    1/10
    • Target

      Suspended Launcher.exe

    • Size

      139KB

    • MD5

      eaf55ba3f7fbdf3f724b6e591d358cb8

    • SHA1

      fee13fe77dcb389fd208c6a6f2d0d43a3e347741

    • SHA256

      654fa0b059ae9c38d968c8a3ea24ebce1fa198d4c1baccab1488d2dc8419a7d7

    • SHA512

      e86079276fa473055c43da0a3e25e09c537ae2ea0addb0a88fdc6e4350d3cce5c341e64eb76ec4e8d1b412c9e0eb88b168e86363509c0e96b4d6d081150dd5e1

    • SSDEEP

      3072:ZiS4omp03WQthI/US3BZC0EiRQ1G78IVn2tbSkcJt8ltP7:ZiS4ompBUS3BZC0C1G78IVEcXctP

    Score
    10/10
    • DcRat

      DarkCrystal (DCRat) is a .NET RAT, first seen in June 2019, that can load additional plugins.

    • DCRat payload

      Detects the DCRat payload, which is commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      Suspended Launcher.pdb

    • Size

      20KB

    • MD5

      b462e5be849d0c4cdee283fdcc8f7442

    • SHA1

      da63ab6e5fa3e2104acbd076391cbf6fd6047df2

    • SHA256

      df7f050eda61e2cd9ca8feb7b59673c9b322fe8dfbd2c6c308fbe1c7ba3cbb92

    • SHA512

      06bea65039a366299a78f46371c2232814e737d080c4c05e33a2361e6f50cb10785583d09121997ff02c9350863d1a039a98f476c20f52ccb1d25887f5ecccef

    • SSDEEP

      384:BW5ByVOeydB7mgZeAUD+lX+A60a09v2osS0HZtOGjBO7QUMbpBQPMg/cpX4rfH8H:BpVOddBSgfUDNTOUeGbpBQ0gEUAAoD2A

    Score
    3/10
    • Target

      Suspended Launcher.runtimeconfig.json

    • Size

      458B

    • MD5

      07b9a30265ca4e69c7016a1b6e3ffc27

    • SHA1

      3a4af82a2695b1423aedd8b60a5c86793c011b02

    • SHA256

      c71152bf25e40d647b2440c5b39be157a3d356106be9d5b678ab97bb87b4e782

    • SHA512

      efd582f8edcdba5ef48d02eee5f73d83ff35071af99b49e08e0213928568d728d0856e3b903bfcccb9237f786846cf94da83139f99e9bee86287aff2071c3f1c

    Score
    3/10
    • Target

      System.Management.dll

    • Size

      72KB

    • MD5

      1c71e5310151ce1e9a3a92797776bdad

    • SHA1

      fd452b874fec4a9dae61a3710fb32749dc7d701e

    • SHA256

      f515ca5c944c332ab706ff0a7c2e53e66d0d9d8a663e9b2691b35129ee22559b

    • SHA512

      2a4f18c77449c2d06a3ab6807338f73b03b1faa332e78319829ba3a2b6fd98bb9a83c5e29b47d55e4ce7f0dfdcd8524fa592a0f3ca8ee09daae2894b681265a8

    • SSDEEP

      768:BrEP45HksbMU3se5c/0b/9nLZV1BCUkVoV0lP7H0CkkiSLJKdbY8Mtuo0eDQP9zu:bbz5wulNV1zkSQzHxkxS9yc8no0nzu

    Score
    1/10
    • Target

      runtimes/win/lib/net7.0/System.Management.dll

    • Size

      288KB

    • MD5

      76e0aaa7182e77403bf6fe2af8d90f28

    • SHA1

      d013c5d649f9ebce5bee1c8b774f3290b1f1f532

    • SHA256

      a7e248c3e6f25f4673e2006fa77f4a4322a3c74c2652dcc395178329feb7ff28

    • SHA512

      8e161a375fe174d9b203c2a098c92aff411d8521eef133d5174ae7409c394157f7a067c2a9dfe3f76cb02acbed52c33a11579b9a1cbee75e4092e6487d1a7bc1

    • SSDEEP

      6144:TMbKUVLmD7HP9ab+T5sBFzPnQpEZFAc2Q:45VL2Z++tw92Q

    Score
    1/10
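The `.deps.json`, `.runtimeconfig.json` and `runtimes/win/lib/net7.0/` entries above are the layout the .NET SDK produces for an application targeting net7.0. In that layout `Suspended Launcher.exe` is normally a small native apphost that loads the same-named `Suspended Launcher.dll`, yet in this report the DcRat signatures fire on the `.exe`, not on the 40KB `.dll`. A cheap way to see which of the two files actually carries managed code is to check whether its PE optional header has a CLR runtime header (data directory entry 14). The code below is an added example, not part of the report; `build_stub_pe` constructs a header-only image purely so the check can be exercised offline and does not reproduce any file in the listing.

```python
import struct

IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR = 14   # slot that points at the CLR runtime header


def _u16(data, off):
    return struct.unpack_from("<H", data, off)[0]


def _u32(data, off):
    return struct.unpack_from("<I", data, off)[0]


def clr_header(data):
    """Return (rva, size) of the CLR runtime header, or None.

    None means the buffer is not a PE, or it is a PE with no CLR directory,
    which is what a native image such as the .NET apphost stub looks like."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = _u32(data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    coff = e_lfanew + 4                       # 20-byte COFF file header
    if coff + 20 > len(data):
        return None
    size_of_opt = _u16(data, coff + 16)       # SizeOfOptionalHeader
    opt = coff + 20
    if opt + 2 > len(data):
        return None
    magic = _u16(data, opt)
    if magic == 0x10B:                        # PE32
        ndirs_off, dirs_off = 92, 96
    elif magic == 0x20B:                      # PE32+
        ndirs_off, dirs_off = 108, 112
    else:
        return None
    if size_of_opt < dirs_off or opt + ndirs_off + 4 > len(data):
        return None
    ndirs = _u32(data, opt + ndirs_off)       # NumberOfRvaAndSizes
    if ndirs <= IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR:
        return None                           # directory table too short to hold entry 14
    entry = opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
    if entry + 8 > len(data):
        return None
    rva, size = struct.unpack_from("<II", data, entry)
    return (rva, size) if rva and size else None


def is_managed(data):
    """True when the image declares a CLR runtime header, i.e. contains managed code."""
    return clr_header(data) is not None


def classify_file(path):
    """Read only the headers; 4 KiB covers any sane PE header block."""
    with open(path, "rb") as fh:
        head = fh.read(4096)
    return "managed .NET image" if is_managed(head) else "native PE or not a PE"


def build_stub_pe(pe32plus=True, with_clr=False):
    """Constructed test fixture: DOS stub, PE signature, COFF and optional header only.

    No sections and no code, so it cannot be executed; it exists to exercise the
    header parsing above for both PE32 and PE32+ layouts."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)   # e_lfanew -> directly after the DOS header
    if pe32plus:
        magic, machine, ndirs_off, dirs_off, opt_size = 0x20B, 0x8664, 108, 112, 240
    else:
        magic, machine, ndirs_off, dirs_off, opt_size = 0x10B, 0x14C, 92, 96, 224
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, 0x22)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<I", opt, ndirs_off, 16)               # 16 data directories
    if with_clr:
        # Arbitrary constructed RVA; 72 is the usual IMAGE_COR20_HEADER size.
        struct.pack_into("<II", opt, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR, 0x2008, 72)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        print(f"{path}: {classify_file(path)}")
```

A genuine apphost answers "native PE or not a PE" and the application `.dll` answers "managed .NET image"; an `.exe` in this layout that answers "managed" is not the stub the SDK would have produced, which is worth knowing before you decide which file to put under a decompiler and which under a native debugger. The check is header-only and says nothing about packing or obfuscation inside the managed image.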

MITRE ATT&CK Enterprise v15

Tasks