General
-
Target
NEAS.ee9c47c40454820e89d46e4b89068090.exe
-
Size
1.4MB
-
Sample
231118-hm885sde7v
-
MD5
ee9c47c40454820e89d46e4b89068090
-
SHA1
74c981d480a6997b8f6f3ffe6c5ba9b005070f3d
-
SHA256
1b09e5cee9450e879f4d7891c2dc502b952f897e095fa27514db95410d933550
-
SHA512
36d6c66438758f6c11b0d4e44bcf3d677cc760b1ba4235e61c1ba26b2facc99d0e27b018bc07e0f18eee5626b31f6935c90529cbb9661bcb4e65ae9a5d22d399
-
SSDEEP
24576:qBBkOlRe8ZcXPuCyRdaN1yV/vELneAcCg8:uOOy8eEa1Jct8
Behavioral task
behavioral1
Sample
NEAS.ee9c47c40454820e89d46e4b89068090.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
NEAS.ee9c47c40454820e89d46e4b89068090.exe
Resource
win10v2004-20231023-en
Malware Config
Targets
Target
NEAS.ee9c47c40454820e89d46e4b89068090.exe
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Scheduled Task/Job: 1