General

  • Target

    499892681280fc9d231c592992c4836792153efc11a296d401ec67138a2a8248.exe

  • Size

    1.4MB

  • Sample

    241003-brg7wsxckr

  • MD5

    58e2bd4ea00cd07e739bcb498a4034df

  • SHA1

    59646543130de9149932b00ce032380a596f1801

  • SHA256

    499892681280fc9d231c592992c4836792153efc11a296d401ec67138a2a8248

  • SHA512

    9a327796f95b23be6b9a464a88c24c0bc6066b938cf930667d149fe80478b2d8bdaebf4d0237de1e5db0fae43f770aa85f088677f5ccc6999a96d7ec07191623

  • SSDEEP

    24576:c+cqpmHHCv9Rn25gVq++Sr9rQaQNtnkuRnczBcQ/H7so6:c+wH+R99FQX1ZLQD

Score
10/10

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE
