General

  • Target

    NEAS.4c635576e1e7a2ae433864a810ba5240.exe

  • Size

    783KB

  • Sample

    231117-yl7xpaef4w

  • MD5

    4c635576e1e7a2ae433864a810ba5240

  • SHA1

    62869bd7980f4b49002fdea43a94b30187634f9c

  • SHA256

    e3cb13ec02d5f506a6b7d310e1f8a6de70deb31463f601557035679a217da72d

  • SHA512

    47f86a84159ab0bcecc588a17f5648dee0bd425d8c365543ae415659ba8b6fb440c14091e61251f895946925aa48c445f2fdb0bbbd6abdefeaaf2295ca198747

  • SSDEEP

    12288:mqnOYxdAgpoNeF91rg5iFdr0yQ9gYx+EIpakCYJRU7Q9bWoFzqK:m+OQbpbgsFdAyQvzSqaq8q

Targets

    • Target

      NEAS.4c635576e1e7a2ae433864a810ba5240.exe

    • DcRat

      DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • UAC bypass

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops file in System32 directory
