General
-
Target
fc75a247bc88f67848e50428121cc96c_JaffaCakes118
-
Size
1.4MB
-
Sample
240420-llv7nsec3w
-
MD5
fc75a247bc88f67848e50428121cc96c
-
SHA1
fe772f5018ab78903a6888005c049938a1940d12
-
SHA256
2ee377500e967e7e494fe644d11cc9c0cfe9571321161612a7b773d6abac4053
-
SHA512
8ee432c87a2643b0c0ea9ad2824938b08ecda59a6307929c33d32e653be09520d198f4aeada4d991c768e85bda80dd1301d5f4e5d2a38fa9fb244e0925f3024c
-
SSDEEP
24576:eoHQQzRfEwcmM0JP/fdR7QrxJA75F4ov8Hh+4:lZ2ksS5Fz
Behavioral task
behavioral1
Sample
fc75a247bc88f67848e50428121cc96c_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
fc75a247bc88f67848e50428121cc96c_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
fc75a247bc88f67848e50428121cc96c_JaffaCakes118
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, that is capable of loading additional plugins.
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix
ATT&CK v13
Persistence
Boot or Logon Autostart Execution
2
Registry Run Keys / Startup Folder
1
Winlogon Helper DLL
1
Scheduled Task/Job
1