General

  • Target

    NEAS.93db67acc5572ee4096c1d1962766430.exe

  • Size

    783KB

  • Sample

    231118-c1ad3sae7x

  • MD5

    93db67acc5572ee4096c1d1962766430

  • SHA1

    811ef2712a3b2a757b0efcd7fdb95cdea777111d

  • SHA256

    b87a60099a45285a03886378f0786131c3fa551bd84bd6134f858703d17ab74a

  • SHA512

    cc30b4df6ed1142b4344081f1ab19abc82f3556556871e540cac9149ab70465a35cc4d9224d9664b87bc4063d5b2f9b9fdb2c493b89c400a76bd25fb0dbaf6e8

  • SSDEEP

    12288:GqnOYxdAgpoNeF91rg5iFdr0yQ9gYx+EIpakCYJRU7Q9bWoFzqK:G+OQbpbgsFdAyQvzSqaq8q

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • UAC bypass

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops file in System32 directory
