General
-
Target
NEAS.24bf7c47cb5c94e3ef84baf4dacce6f0.exe
-
Size
1.4MB
-
Sample
231117-14fl9sga3v
-
MD5
24bf7c47cb5c94e3ef84baf4dacce6f0
-
SHA1
ae7892a2ca0fd30f4657a7d4b4f46d2e51069a8c
-
SHA256
df41429f2b77bca4585a380bcf2bc1c734f8a1312c6311938b03e80376e74803
-
SHA512
5630529f86dc585b4eaedab7e8eabc7f35b5dc5210488eec9a1fe8a55f1d408043674366df88591e29bc265f3e1afbc2712ad63b4748b09b79456f0ea839cf55
-
SSDEEP
24576:qBBkOlRe8ZcXPuCyRdaN1yV/vELneAcCg8:uOOy8eEa1Jct8
Behavioral task
behavioral1
Sample
NEAS.24bf7c47cb5c94e3ef84baf4dacce6f0.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
NEAS.24bf7c47cb5c94e3ef84baf4dacce6f0.exe
Resource
win10v2004-20231023-en
Malware Config
Targets
-
-
Target
NEAS.24bf7c47cb5c94e3ef84baf4dacce6f0.exe
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1
Bypass User Account Control
1
Scheduled Task/Job
1