General

  • Target

    setup casino.msi

  • Size

    2.1MB

  • Sample

    240718-jmmktaselb

  • MD5

    84ab6181a31b1e3fa12b4f02232d7d76

  • SHA1

    b1e00a7042b549dd6a2d33f6fceec203319032f6

  • SHA256

    46f147b5b85dc612ec84ee8374442a90c6ab1c4ad9633a79e2c0c06693f6acc5

  • SHA512

    0a78f96bc38a7bc8c2f5a654d53917e0ad5ffa97e87a6c8186083ba964bcc906f760a89fe1f87e18401ec97a1a6ef13d1d28960c201c99c37b96f906c31d48b2

  • SSDEEP

    24576:U2G/nvxW3Ww0t3/zc4VamhOsJ5RnPQfV8N8cqKuAsqh9k9sUn5yYr8XLFNBxN8yq:UbA303/zc4jhoiSnqkxYYr8XLV8yr9TA

Score
10/10

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE
