General
-
Target
4b18ba302ac3b732c059bc9349dc5b1d.exe
-
Size
3.7MB
-
Sample
240325-h3slbsaf32
-
MD5
4b18ba302ac3b732c059bc9349dc5b1d
-
SHA1
cdf1b87ab98bc1dbd6ec33426090df881d5500b1
-
SHA256
6120c9db8e0c5d714fd87dcb35954c460439498928bc85978aef0fb377e43e1d
-
SHA512
ef389d1eda53f8a6e61891af541122b50473a692720aab6257e12405c239633c024c1c769bd773fc86f22e8076ecd137b4a2b8671cdbdb76f4443fb867c2470e
-
SSDEEP
49152:UbA30qT+k5eUUNB4Pi8viz3aMauYHBuzmQZ1vIF85qZlczSoPNhBpbfXWYwEqGaf:UbWq0LF6DJVmQZ2FXcfhBPHdaII
Behavioral task
behavioral1
Sample
4b18ba302ac3b732c059bc9349dc5b1d.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
4b18ba302ac3b732c059bc9349dc5b1d.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
Target
4b18ba302ac3b732c059bc9349dc5b1d.exe
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1
Bypass User Account Control
1
Scheduled Task/Job
1