General

  • Target

    59435c6b2d1bd3dfd8daf2feae93cdcba6f1e3bbebe2a6012fe9e82671279573

  • Size

    1.3MB

  • Sample

    250324-rf3x8avkv3

  • MD5

    c4c3dda932f1f288a7091eb1b6bfcc8f

  • SHA1

    63216a8fc66477860834a280b812b170863af11a

  • SHA256

    59435c6b2d1bd3dfd8daf2feae93cdcba6f1e3bbebe2a6012fe9e82671279573

  • SHA512

    cf6ed58e0942d09663627a79464bf77eccedfa79082fe12724a2fc022edd56c2107fae25be23bc14c070354583e06335dad635974a6a2f9d74c80ec6ea35b269

  • SSDEEP

    24576:mM0FvyGsOBDr8gCy5viNtXY91McnOTlRLzrwlKfPGGPwOQVC8+zJ:F0FvJzgSiNR5VzrwMfuG4OQ3+zJ

Targets

    • Target

      59435c6b2d1bd3dfd8daf2feae93cdcba6f1e3bbebe2a6012fe9e82671279573

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Dcrat family

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
