General
-
Target
NEAS.5e2ccb97d6bf2f8bedd6d473079c33b0.exe
-
Size
1.4MB
-
Sample
231118-dfsklaah3s
-
MD5
5e2ccb97d6bf2f8bedd6d473079c33b0
-
SHA1
699314bf74a661917771308e7cd6d6b618af2827
-
SHA256
6f594600a76bb7e0d64a33f97d8fe61db21cce7084db83bd6e624150dd0aabf3
-
SHA512
0f2dd039b746d157a65998328e4b599678904fb871d53f1a5d175671f2f1abae353d187d866a6b9240b3c81d77bb1a53527d32f7a9028be3e57290e7d05def93
-
SSDEEP
24576:qBBkOlRe8ZcXPuCyRdaN1yV/vELneAcCg8:uOOy8eEa1Jct8
Behavioral task
behavioral1
Sample
NEAS.5e2ccb97d6bf2f8bedd6d473079c33b0.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
NEAS.5e2ccb97d6bf2f8bedd6d473079c33b0.exe
Resource
win10v2004-20231020-en
Malware Config
Targets
-
-
Target
NEAS.5e2ccb97d6bf2f8bedd6d473079c33b0.exe
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Scheduled Task/Job: 1