General

  • Target

    NEAS.91e7d0d95f04df3f1749308bb5a28410.exe

  • Size

    1.4MB

  • Sample

    231117-w2vaesde8w

  • MD5

    91e7d0d95f04df3f1749308bb5a28410

  • SHA1

    dc1d10acb53b926e2cfc0fdac41c1d789089ebbd

  • SHA256

    89681bf4a741ac4bcc38fffffa24254dcf9a70356c4ebf98a5004d23e34265b6

  • SHA512

    5609717ed1be8de5a14e5cb6a56c339786de8caeb7735b70a6e584223f904ac1b3c8ab7ca0441b0f12b86b5dabea78cbe706c59cd26bc3b096a7850f0da6a28e

  • SSDEEP

    24576:qBBkOlRe8ZcXPuCyRdaN1yV/vELneAcCg8:uOOy8eEa1Jct8

Targets

    • Target

      NEAS.91e7d0d95f04df3f1749308bb5a28410.exe

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • UAC bypass

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Checks whether UAC is enabled
