General
-
Target
280568f45143f46f51bde5e6e158ded1.exe
-
Size
5.9MB
-
Sample
231204-e5dneaha2v
-
MD5
280568f45143f46f51bde5e6e158ded1
-
SHA1
338bb0b0c25df43c3a65f2d326c3c5fa09427f2d
-
SHA256
34e740ecbaab29c15536abd6409bd10e1880a77eeb8a5a88e787051d4fd916a9
-
SHA512
d8ed2ba7af1a444b1d2f36c6fb3edafb045b3446709456ead5e097186390a63365a5bd33e7fb18f8df4c0aa672b63923415bb76f8a91733219fc2046dd93107d
-
SSDEEP
98304:xyeUxPQ0JMLyWIvqrhH05I8TderKjHDFUh9HkEXJfw4:xyeU11Rvqmu8TWKnF6N/1w
Static task
static1
Behavioral task
behavioral1
Sample
280568f45143f46f51bde5e6e158ded1.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
280568f45143f46f51bde5e6e158ded1.exe
Resource
win10v2004-20231130-en
Malware Config
Targets
Target
280568f45143f46f51bde5e6e158ded1.exe
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1
Bypass User Account Control
1
Scheduled Task/Job
1