General
-
Target
NEAS.3d10e6755ac9695dca6850bb1ad727d0.exe
-
Size
1.4MB
-
Sample
231118-b64dnsgg75
-
MD5
3d10e6755ac9695dca6850bb1ad727d0
-
SHA1
b42d5db6a985f610548776ea62316c94940b183d
-
SHA256
978f287cea0349f2b401815bad60117a162621521acb4c726126953c685bc165
-
SHA512
f9c81db74335f953a1780d8eb1522908b709557093ca6d7aa8e8746d401a8ff8f847a13b6c5eca7f728d55f4f005b136bce835ff5877a39bcf0249ccd8b6c538
-
SSDEEP
24576:qBBkOlRe8ZcXPuCyRdaN1yV/vELneAcCg8:uOOy8eEa1Jct8
Behavioral task
behavioral1
Sample
NEAS.3d10e6755ac9695dca6850bb1ad727d0.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
NEAS.3d10e6755ac9695dca6850bb1ad727d0.exe
Resource
win10v2004-20231020-en
Malware Config
Targets
-
Target
NEAS.3d10e6755ac9695dca6850bb1ad727d0.exe
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Scheduled Task/Job (1)