General
-
Target
NEAS.0354534622a7e7ce7f1b17a165be77b7dc56173f29e8533689913eb65f81f22eexe.exe
-
Size
5.9MB
-
Sample
231204-tny1cace3z
-
MD5
1bfa99da4638bd06a51ae85edea23529
-
SHA1
8a66eac74b538ad04701fca825ffe619b361b728
-
SHA256
0354534622a7e7ce7f1b17a165be77b7dc56173f29e8533689913eb65f81f22e
-
SHA512
26e0011e1ad6417bd37f89694a4cff537ba38a95cd6ba95066b625b7890954d5f644529902095ecc3042a84f13433b1cd89f2324be699306fd11b48f2d0b82e7
-
SSDEEP
98304:ByeUxPQ0JMLyWIvqrhH05I8TderKjHDFUh9HkEXJfw4:ByeU11Rvqmu8TWKnF6N/1w
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.0354534622a7e7ce7f1b17a165be77b7dc56173f29e8533689913eb65f81f22eexe.exe
Resource
win7-20231025-en
Behavioral task
behavioral2
Sample
NEAS.0354534622a7e7ce7f1b17a165be77b7dc56173f29e8533689913eb65f81f22eexe.exe
Resource
win10v2004-20231127-en
Malware Config
Targets
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Scheduled Task/Job (1)