General
-
Target
115185cf7af582ac2fc2fe681a4a142e.exe
-
Size
5.9MB
-
Sample
231204-d22qdsgh26
-
MD5
115185cf7af582ac2fc2fe681a4a142e
-
SHA1
fe1be50829297758777a380d94f5b9f369ea4284
-
SHA256
377f3033cdfdcf4b2bd6b9c2949abcb8d7973c2ade4115d1c622db274bfac687
-
SHA512
813e8f1473a4f2fd902b5fed0835d1f9c5c5a1a64d9d55eef340421b4fbebe6a42a793a7364d45858172e502435603f3c0d18a532dd04e8cb39de20bd2209d45
-
SSDEEP
98304:ByeUxPQ0JMLyWIvqrhH05I8TderKjHDFUh9HkEXJfw4:ByeU11Rvqmu8TWKnF6N/1w
Static task
static1
Behavioral task
behavioral1
Sample
115185cf7af582ac2fc2fe681a4a142e.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
115185cf7af582ac2fc2fe681a4a142e.exe
Resource
win10v2004-20231127-en
Malware Config
Targets
Score 10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Scheduled Task/Job: 1