General

  • Target

    56a5b0a28bb4b14956977dfe6def40a9_JaffaCakes118

  • Size

    6.5MB

  • Sample

    240718-kskh3s1dqr

  • MD5

    56a5b0a28bb4b14956977dfe6def40a9

  • SHA1

    59095e7afd64c91cc8f6d8a9eed3230d960f361e

  • SHA256

    24c7ce219369223dada0233930938d06b805f45b7062fdcbc1bcef643a337b8d

  • SHA512

    dd7803df4fd0b874b7239b28ff789b1e61fe3c62aab82a8c86489c4db3982bfebc371a5519412551a70996bffbd8e9d75ffcde0522229854e7431a21ea9a4d05

  • SSDEEP

    196608:+ohfVGzTVG5ymVr66MJblv/FkYiJqr5UH:Nf+TVG5xrVMJhv/bxu

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Sets file to hidden

      Modifies file attributes so the file does not show in Explorer etc.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
