General

Target: 084edc7b5451c4e18a20ca7982787742.exe
Size: 1.4MB
Sample: 220829-ee283scdd5
MD5: 084edc7b5451c4e18a20ca7982787742
SHA1: 0c9899f2b4b46bfd903ce96b0c73899e6ba6952d
SHA256: d94aec0bdc801cd7cad261af02d7ed8f171374b1fbd101449013c2d166dc07ce
SHA512: c3c45b858524d0010f2f9124f6cdc01de1f5e1100c41914fbb9c9150c7d98840d7c0d18a4b976e74bc289654485b2fc8aaa0a8246d3e27ab3dd0e6c42728305f
SSDEEP: 24576:xJiN7JdiObNHEnToSiqX4uKlyz/hQQ6c0gJgkKrM7cCFm:xJUJoKEn9iSKlkW9ekCRF

Behavioral task

Task: behavioral1
Sample: 084edc7b5451c4e18a20ca7982787742.exe
Resource: win7-20220812-en
Malware Config
Targets
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Modifies security service

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Downloads MZ/PE file

Drops file in Drivers directory

Executes dropped EXE

Possible privilege escalation attempt

Stops running service(s)

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Loads dropped DLL

Modifies file permissions

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.