General

  • Target

    500a74281de1bc8e6eb4e08eb8705235f4436ccb209ecaca91fe4ad43a869015.exe

  • Size

    2.3MB

  • Sample

    241230-csg4ysvkdz

  • MD5

    97177514cab51539083ef130f005bbd1

  • SHA1

    49e2661ee3e8f6fd6b06334b00543590ed8fe208

  • SHA256

    500a74281de1bc8e6eb4e08eb8705235f4436ccb209ecaca91fe4ad43a869015

  • SHA512

    7ce6e7255d482b7c78f759098f9744f5f0ef462a79ad061d19f8036061b807963c924665bbe66e23e26a36990b5849d527b750ab6d0e9f6010cf4d665ec3d897

  • SSDEEP

    49152:2QZEVRb3qgQujSIZijBW7vrGGzt2q5je54Ng3q1qrFBZT4:2GEVRagQujSei5GpZJCmqrZT

Score
10/10

Targets

    • Target

      500a74281de1bc8e6eb4e08eb8705235f4436ccb209ecaca91fe4ad43a869015.exe

    • DcRat

      DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Dcrat family

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE
