General

  • Target

    9b08f03985d3378123ba236fae1b41b42fcc9af87932655a5120e04fa9a21942.exe

  • Size

    1.6MB

  • Sample

    241031-d8gc2aygmd

  • MD5

    844679e76d8254bedd67c98610f7d7ac

  • SHA1

    4222ebbb055830096b829f072783423dbe255932

  • SHA256

    9b08f03985d3378123ba236fae1b41b42fcc9af87932655a5120e04fa9a21942

  • SHA512

    fddb80736936d7c0d46ec3958885237681cbbd416455d7a48d075092d38a0c5e435112c25b595b8cc99b0a8ed2143ac2f28e893373a7b6e9772ee722706a3c05

  • SSDEEP

    24576:2ztKoZmCJ4YrujnaOBDEzKt3pJqc7BnA8js2TvgAts0qB0FjbpcKSzQy8v1:O995MUzKNac7BnbbTvgCFTYQy+

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Dcrat family

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE
