General
-
Target
NEAS.4c635576e1e7a2ae433864a810ba5240.exe
-
Size
783KB
-
Sample
231117-yl7xpaef4w
-
MD5
4c635576e1e7a2ae433864a810ba5240
-
SHA1
62869bd7980f4b49002fdea43a94b30187634f9c
-
SHA256
e3cb13ec02d5f506a6b7d310e1f8a6de70deb31463f601557035679a217da72d
-
SHA512
47f86a84159ab0bcecc588a17f5648dee0bd425d8c365543ae415659ba8b6fb440c14091e61251f895946925aa48c445f2fdb0bbbd6abdefeaaf2295ca198747
-
SSDEEP
12288:mqnOYxdAgpoNeF91rg5iFdr0yQ9gYx+EIpakCYJRU7Q9bWoFzqK:m+OQbpbgsFdAyQvzSqaq8q
Behavioral task
behavioral1
Sample
NEAS.4c635576e1e7a2ae433864a810ba5240.exe
Resource
win7-20231025-en
Behavioral task
behavioral2
Sample
NEAS.4c635576e1e7a2ae433864a810ba5240.exe
Resource
win10v2004-20231023-en
Malware Config
Targets
-
-
Target
NEAS.4c635576e1e7a2ae433864a810ba5240.exe
-
Size
783KB
-
MD5
4c635576e1e7a2ae433864a810ba5240
-
SHA1
62869bd7980f4b49002fdea43a94b30187634f9c
-
SHA256
e3cb13ec02d5f506a6b7d310e1f8a6de70deb31463f601557035679a217da72d
-
SHA512
47f86a84159ab0bcecc588a17f5648dee0bd425d8c365543ae415659ba8b6fb440c14091e61251f895946925aa48c445f2fdb0bbbd6abdefeaaf2295ca198747
-
SSDEEP
12288:mqnOYxdAgpoNeF91rg5iFdr0yQ9gYx+EIpakCYJRU7Q9bWoFzqK:m+OQbpbgsFdAyQvzSqaq8q
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1