General

  • Target

    Desktop.exe

  • Size

    4.9MB

  • Sample

    240713-tl6bmszcrc

  • MD5

    ea14840181f0547b32fe549479280d27

  • SHA1

    70de994344a37be03b6c0dba8deb395d1c588afa

  • SHA256

    226a936a762be00940d7aefbf77aec54a106308e9da5201c0cdc2999278c90b3

  • SHA512

    cd8afb4fdbbdb202c8f8ad6ba66552e2137aab3602d0c10ab84a7adfa78d6a55a1ca381099b4f4539f4d379d7f1b207e21c27c79ccb80fd81dda08a37889c5ec

  • SSDEEP

    98304:Zqw/bgG3HZZAnU8Sm/vGJMERC6zXbHc/05xnhIdgcJcg+uYFgRevPNMv:Zqw/PXZZwSm/vGJMEVLGUFmcg+uDYNA

Score
10/10

Targets

    • Target

      Desktop.exe

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger
