General

  • Target

    nursultan alpha.exe

  • Size

    2.1MB

  • Sample

    240718-l1vjpatcml

  • MD5

    5a7e4da699bce68005b413cdd318e9de

  • SHA1

    cee6614980f50810d19c3c18d242d97400078a75

  • SHA256

    b27372b955d8e6cf46a3d36826511468504f8d58b5f24720351bf85f123cfea5

  • SHA512

    7dafdd1ba9941b2f332f596ceefb6e9e07768f63586a4a21b4a31bbe66b890e62935a38e82a7665b1154c66fe015b4ff68144885389fdc4318670f8c878cad3c

  • SSDEEP

    49152:UbA30/p0cfOZx9yRLMjyDYfG0TssZGe4lbY:UbTbfO40r3TssTgY

Score
10/10

Malware Config

Targets

    • Target

      nursultan alpha.exe

    • Size

      2.1MB

    • MD5

      5a7e4da699bce68005b413cdd318e9de

    • SHA1

      cee6614980f50810d19c3c18d242d97400078a75

    • SHA256

      b27372b955d8e6cf46a3d36826511468504f8d58b5f24720351bf85f123cfea5

    • SHA512

      7dafdd1ba9941b2f332f596ceefb6e9e07768f63586a4a21b4a31bbe66b890e62935a38e82a7665b1154c66fe015b4ff68144885389fdc4318670f8c878cad3c

    • SSDEEP

      49152:UbA30/p0cfOZx9yRLMjyDYfG0TssZGe4lbY:UbTbfO40r3TssTgY

    Score
    10/10
    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks