General
Target: ac3cb04d0c997ad56d1c5259bec7424e061dd8f18f031f2b71d45906a7783a8d
Size: 3.2MB
Sample: 240419-b3fhfaeb7t
MD5: 0aa04def3714ff7f45b3abe211459467
SHA1: ac241910b74cf5a7b18c07486b6d46c6958b6308
SHA256: ac3cb04d0c997ad56d1c5259bec7424e061dd8f18f031f2b71d45906a7783a8d
SHA512: ce9df3353c1a907809a161a79ee56600a3a1b30ded92a1c1d30c7e32742a0046c659c610b6ef1c986615a806cc855e2210bae1f8cee9f7b6f147a5cb91bd9a7d
SSDEEP: 49152:HC0Fl8v/911bwaEYpdYUVsk3DZGAy55kBsfJGAW6KyWUcPmWQpE:HC0Fl8v/qXYrv5tG9uKJGAWl5N
Behavioral task: behavioral1
Sample: ac3cb04d0c997ad56d1c5259bec7424e061dd8f18f031f2b71d45906a7783a8d.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: ac3cb04d0c997ad56d1c5259bec7424e061dd8f18f031f2b71d45906a7783a8d.exe
Resource: win10v2004-20240412-en
Malware Config
Targets
Target: ac3cb04d0c997ad56d1c5259bec7424e061dd8f18f031f2b71d45906a7783a8d
Score: 10/10

DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Detects executables packed with SmartAssembly

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Scheduled Task/Job (1)