General
-
Target
NEAS.a06fa90672e47f8037a0cba516c51180.exe
-
Size
1.4MB
-
Sample
231117-w23xkacd92
-
MD5
a06fa90672e47f8037a0cba516c51180
-
SHA1
6ac9fc25a9460cf0c1a519b3167a97ce81f08532
-
SHA256
b281b6bc08d7676f5dc0998e39bd123a4c7af5e97694da7a2ed57161adeb264b
-
SHA512
5b5a698362b9a66a9ac771fd06bdc08cb96a9845ba5d47afdfa1ffa640a750dc928c22387d72d1a4da1ce313057a9efd56cfa960f24340f558e0b43e173cb881
-
SSDEEP
24576:qBBkOlRe8ZcXPuCyRdaN1yV/vELneAcCg8:uOOy8eEa1Jct8
Behavioral task
behavioral1
Sample
NEAS.a06fa90672e47f8037a0cba516c51180.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
NEAS.a06fa90672e47f8037a0cba516c51180.exe
Resource
win10v2004-20231023-en
Malware Config
Targets
-
Target
NEAS.a06fa90672e47f8037a0cba516c51180.exe
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Scheduled Task/Job (1)