General
-
Target
NEAS.91e7d0d95f04df3f1749308bb5a28410.exe
-
Size
1.4MB
-
Sample
231117-w2vaesde8w
-
MD5
91e7d0d95f04df3f1749308bb5a28410
-
SHA1
dc1d10acb53b926e2cfc0fdac41c1d789089ebbd
-
SHA256
89681bf4a741ac4bcc38fffffa24254dcf9a70356c4ebf98a5004d23e34265b6
-
SHA512
5609717ed1be8de5a14e5cb6a56c339786de8caeb7735b70a6e584223f904ac1b3c8ab7ca0441b0f12b86b5dabea78cbe706c59cd26bc3b096a7850f0da6a28e
-
SSDEEP
24576:qBBkOlRe8ZcXPuCyRdaN1yV/vELneAcCg8:uOOy8eEa1Jct8
Behavioral task
behavioral1
Sample
NEAS.91e7d0d95f04df3f1749308bb5a28410.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
NEAS.91e7d0d95f04df3f1749308bb5a28410.exe
Resource
win10v2004-20231023-en
Malware Config
Targets
-
-
Target
NEAS.91e7d0d95f04df3f1749308bb5a28410.exe
-
Size
1.4MB
-
MD5
91e7d0d95f04df3f1749308bb5a28410
-
SHA1
dc1d10acb53b926e2cfc0fdac41c1d789089ebbd
-
SHA256
89681bf4a741ac4bcc38fffffa24254dcf9a70356c4ebf98a5004d23e34265b6
-
SHA512
5609717ed1be8de5a14e5cb6a56c339786de8caeb7735b70a6e584223f904ac1b3c8ab7ca0441b0f12b86b5dabea78cbe706c59cd26bc3b096a7850f0da6a28e
-
SSDEEP
24576:qBBkOlRe8ZcXPuCyRdaN1yV/vELneAcCg8:uOOy8eEa1Jct8
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Scheduled Task/Job
1