General
-
Target
47914fa6b0464f1a14c06792e85ce1ba4620b950a1dfb5168d097fda39b8a6fe
-
Size
1.4MB
-
Sample
220830-gnn4xscfgm
-
MD5
5d66bae46d9759662f2309dc9bb8d2cc
-
SHA1
bd553872c196f31bc879555ae9f68dca5a337ba7
-
SHA256
47914fa6b0464f1a14c06792e85ce1ba4620b950a1dfb5168d097fda39b8a6fe
-
SHA512
18f49104b2de5cae32e90d43eab28ed37a5dcb5a661ce3fa57b52555009f3fd88683d711c631420acd01d1a24dafee94539c6143e185f7ecbb6d7646fbd5e3c1
-
SSDEEP
24576:9PV32MblP1ol19heoF6heWOeWlERO6XmN/DipYrkJDF:/324okobWyl3N/Di4k
Malware Config
Targets
-
DcRat
DarkCrystal (DC) RAT is a .NET remote access trojan, active since June 2019, that can load additional plugins.
-
Modifies security service
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Possible privilege escalation attempt
-
Stops running service(s)
-
Checks computer location settings
Looks up the country code configured in the registry, most likely for geofencing (running only in, or avoiding, particular regions).
-
Modifies file permissions
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-