General

  • Target

    06873daaa7732dd430b975b6812e52712b285af5f0fc53935d1b356f3f8eff7a.exe

  • Size

    995KB

  • Sample

    240714-kh77dstbnm

  • MD5

    9eda902b52d2ab86289bf558788bbc02

  • SHA1

    e7de6294a4c00c5f5be1481d685e73ec8e394759

  • SHA256

    06873daaa7732dd430b975b6812e52712b285af5f0fc53935d1b356f3f8eff7a

  • SHA512

    f77ab04dd0404ab079f54050b2f0c069c77363514d8c6934c75a7ecaee251643d47f65f54c3004eb001e50c54e202276e53c70146c747cc975ad35248287f597

  • SSDEEP

    24576:8y55HPeub3xumiFgmGCmf6fDElmg50Ax93R+H:8y55xxumMkTx93

Score
10/10

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE
