General

  • Target

    7c57e080fad66909a105177a14c3e3dadef0cbf3ac40b97f7d6634683cddc94fN

  • Size

    3.3MB

  • Sample

    241004-dd8h2a1apl

  • MD5

    5ea8fe5507da29f15ad6522bcb8f57c0

  • SHA1

    54be767326c8168879bcb1eb92cc87a25a537224

  • SHA256

    7c57e080fad66909a105177a14c3e3dadef0cbf3ac40b97f7d6634683cddc94f

  • SHA512

    a20b9ea30d27d91d4ec1f0c6bafeaa320f479f2a052bbd5f3ee8d44d08539787c152421d59bd9f138bc3c0d282df9bc1e5d6ce2cb05d11d8bb33d36a7a7b9356

  • SSDEEP

    98304:Ub4mRM1NgEWifpbYagLm/LA82L0KAnNZ8YD:UEcuN1pfxDgL4M801o

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
