General

  • Target

    592209c622e77aae9a7a9b3c76a80d5f.exe

  • Size

    828KB

  • Sample

    241004-nc5qvsveqh

  • MD5

    592209c622e77aae9a7a9b3c76a80d5f

  • SHA1

    e83c0edfb1b624cb0ca1aa53ac73261930816581

  • SHA256

    39c548d4cf4fdfb68e52b2efab294b4c55fcb9f7053fd5a8eba1224671f16688

  • SHA512

    30dd0f90ef89d1a2be53ebd599602aa3aa0b09d3e5ab7b94a4badb032161466cb90d6ce563948a6c8043a2ad396df62d40dae89f1fd7620a2403f51c48435003

  • SSDEEP

    12288:3axeKG7goA26EGIXA0XKjVNrGLVPEVYYNN1En:AU7goA24IXA0XKjYEjNzEn

Score
10/10

Malware Config

Targets

    • Target

      592209c622e77aae9a7a9b3c76a80d5f.exe

    • Size

      828KB

    • MD5

      592209c622e77aae9a7a9b3c76a80d5f

    • SHA1

      e83c0edfb1b624cb0ca1aa53ac73261930816581

    • SHA256

      39c548d4cf4fdfb68e52b2efab294b4c55fcb9f7053fd5a8eba1224671f16688

    • SHA512

      30dd0f90ef89d1a2be53ebd599602aa3aa0b09d3e5ab7b94a4badb032161466cb90d6ce563948a6c8043a2ad396df62d40dae89f1fd7620a2403f51c48435003

    • SSDEEP

      12288:3axeKG7goA26EGIXA0XKjVNrGLVPEVYYNN1En:AU7goA24IXA0XKjYEjNzEn

    Score
    10/10
    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks