General
Target: NEAS.54df88c3e72b8d4229f6bf6adabef9e0.exe
Size: 1.4MB
Sample: 231118-ff4c7sbb76
MD5: 54df88c3e72b8d4229f6bf6adabef9e0
SHA1: c2c6ff9f9677cdeb3c88e81d97317977ca87e56e
SHA256: 12bcaa224d590750b33a90651d922fee72babd1d4f425ecb5f072f1679af21d5
SHA512: 9c347e096251b7de0562633aaf0b36cb54e83c4ad3bac70fb77ed5c215034ba96674a23f0d532c318479f839e9320a1f5b75aa387371873edca3a3fecc22034d
SSDEEP: 24576:qBBkOlRe8ZcXPuCyRdaN1yV/vELneAcCg8:uOOy8eEa1Jct8
Behavioral task
behavioral1
Sample
NEAS.54df88c3e72b8d4229f6bf6adabef9e0.exe
Resource
win7-20231025-en
Behavioral task
behavioral2
Sample
NEAS.54df88c3e72b8d4229f6bf6adabef9e0.exe
Resource
win10v2004-20231023-en
Malware Config
Targets
Target: NEAS.54df88c3e72b8d4229f6bf6adabef9e0.exe
Score: 10/10

DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Scheduled Task/Job: 1