General
Target: NEAS.12512b9fc15ed49fb1066046fb8fed90.exe
Size: 1.4MB
Sample: 231118-cz473aae7t
MD5: 12512b9fc15ed49fb1066046fb8fed90
SHA1: 480b04304f83fa8b96d28e060068fbc11c9b3a05
SHA256: cf16e32b1b72e0e7cc452b225cce99b35336453e41d3618f28f8766553fc4bb0
SHA512: d79b92c2a5ada634a829c9642818178fed1ba67464b008cd1e0d6e1d5be4b8b7255cad5cac9d0ffb16bf822fc0e9a47c9accef0b04530b04cc8056a575cac7a9
SSDEEP: 24576:qBBkOlRe8ZcXPuCyRdaN1yV/vELneAcCg8:uOOy8eEa1Jct8
Behavioral task: behavioral1
Sample: NEAS.12512b9fc15ed49fb1066046fb8fed90.exe
Resource: win7-20231023-en
Behavioral task: behavioral2
Sample: NEAS.12512b9fc15ed49fb1066046fb8fed90.exe
Resource: win10v2004-20231020-en
Malware Config
Targets
Target: NEAS.12512b9fc15ed49fb1066046fb8fed90.exe
Score: 10/10
DcRat: DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Scheduled Task/Job: 1