4ced2056e4efe1c93b9f4adaaeaba20c.exe

General

Target: 4ced2056e4efe1c93b9f4adaaeaba20c.exe
Size: 607KB
Sample: 210111-xfhgmxjy6n
Score: 10/10
MD5: 4ced2056e4efe1c93b9f4adaaeaba20c
SHA1: b975777c42d7d8fb04c34a2efc64dc5e4c574712
SHA256: f6a307d243c407c27489de37adac83e9205be531cbb4e2cb71545627faf813fd
SHA512: 014df0ad54bf23335f964fa4e313a91b60b3ea2c62b73a306e973177830b573666aaebc1932cafa766042f34b8e32adcfabe3027aae2cc09341fd138a8963eaf

Malware Config
Signatures

  • DcRat

    Description

    DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

  • DC Rat Payload

    Description

    Detects payload of DCRat, commonly dropped by NSIS installers.

  • Disables Task Manager via registry modification

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    TTPs

    Data from Local System; Credentials in Files

  • Looks up external IP address via web service

    Description

    Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix

  • Command and Control
  • Credential Access
  • Defense Evasion
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation