General
-
Target
NEAS.45848f39a541d1778a1985e41060aae0.exe
-
Size
1.4MB
-
Sample
231117-3y7jxagh3t
-
MD5
45848f39a541d1778a1985e41060aae0
-
SHA1
a0492acdcc7e53d3f0291fcda57847553825c6a0
-
SHA256
047c4802b4c4dcd11d55ef0d671efd5f15f3f30d8efdda6c7b08a33e6eac3acb
-
SHA512
8db844fad8d4fefe0465900d07990f87225a1099370544bca578ad491173fd6ed6e4e540c120d970e0df7bb4c21690d5e0d36d2ebe7972d0fa54eccfa6e7ce9c
-
SSDEEP
24576:qBBkOlRe8ZcXPuCyRdaN1yV/vELneAcCg8:uOOy8eEa1Jct8
Behavioral task
behavioral1
Sample
NEAS.45848f39a541d1778a1985e41060aae0.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
NEAS.45848f39a541d1778a1985e41060aae0.exe
Resource
win10v2004-20231023-en
Malware Config
Targets
Score
10/10
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Scheduled Task/Job (1)