General

  • Target

    9e128aa17df105d29fbf1da4673f15c3c2467829bb4dea076dd58b1fc260004fN.exe

  • Size

    828KB

  • Sample

    241222-g5jwjaxneq

  • MD5

    58af79b3ea2a593144474e327fa48a10

  • SHA1

    4a32b49ec04f6f8e3a7b2097fb9b5bb36f4dffcf

  • SHA256

    9e128aa17df105d29fbf1da4673f15c3c2467829bb4dea076dd58b1fc260004f

  • SHA512

    3923cfd4344b68a3b468f82b7e142ff5778a548cb692138ad7fee57ed0f003fa355a0b90b043ac78275a8489073bccdcc6aef9b1664b262b24a8a04a876bf13a

  • SSDEEP

    12288:K5jHYVjmobNqsKDsSvjbHQVtVZJizDxRxhDsGALvbI6bnY6a2Xu:1b4sKDZUZJuR/ALvbLnY8Xu

Score
10/10

Targets

    • Target

      9e128aa17df105d29fbf1da4673f15c3c2467829bb4dea076dd58b1fc260004fN.exe

    Score
    10/10
    • DcRat

      DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Dcrat family

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE
