General
Target: 6b1ff20c95ab7ea0d16f441c6726f6112bbae1c620696f2e9bec01b4926dc1f4
Size: 4.1MB
Sample: 240422-26kvfahe55
MD5: a84070968353edcc9559f54deedd8fe9
SHA1: 27187ea020c4fcfad6783debbea35883b1125538
SHA256: 6b1ff20c95ab7ea0d16f441c6726f6112bbae1c620696f2e9bec01b4926dc1f4
SHA512: 134a25e91d0b088a9dd57ce0310a1f164f6586624dd71a02001ece26b70d3d8fd201ece35b5a9b15764f983cbf9da099b8f13b5e99584ada093f12c506a2500e
SSDEEP: 98304:TiJbE5xmRwLHVZCC55YkdOsfMvBh0ND4wELWg:TMaxAWHVkq5Y2fMkNDILWg
Behavioral task: behavioral1
Sample: 6b1ff20c95ab7ea0d16f441c6726f6112bbae1c620696f2e9bec01b4926dc1f4.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 6b1ff20c95ab7ea0d16f441c6726f6112bbae1c620696f2e9bec01b4926dc1f4.exe
Resource: win10v2004-20240412-en
Malware Config
Targets
Score: 10/10
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Detects executables packed with SmartAssembly

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Scheduled Task/Job: 1