General
Target: 4d7463d7f489ec7de6ebea288af19270.bin
Size: 1.4MB
Sample: 231119-calz7ahc5w
MD5: 4d7463d7f489ec7de6ebea288af19270
SHA1: 3a350b9badebb0d9f31bf6472d6f5c69d246ef39
SHA256: bf5bf5a95a275819c1630814b9333fe1fe19d973ecb498de8c56938fa21bfb48
SHA512: 1dbc0a0de6fba1461383bcae6bbaece31684f395dd944a5c0b55a071180532772cf23d9b887be7b77e2baa447d54fcead93711709106baca58066d2d5604c6e4
SSDEEP: 24576:qBBkOlRe8ZcXPuCyRdaN1yV/vELneAcCg8:uOOy8eEa1Jct8
Behavioral task: behavioral1
Sample: 4d7463d7f489ec7de6ebea288af19270.exe
Resource: win7-20231023-en
Behavioral task: behavioral2
Sample: 4d7463d7f489ec7de6ebea288af19270.exe
Resource: win10v2004-20231020-en
Malware Config
Targets
Target: 4d7463d7f489ec7de6ebea288af19270.bin
Score: 10/10
- DcRat: DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
- Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism: 1
- Bypass User Account Control: 1
- Scheduled Task/Job: 1