General
-
Target
3b99c63e4974eae49eba3ac380fc4c75ba6a4e38cd381a00cc32cee95e7596ad
-
Size
3.2MB
-
Sample
240422-zwgzpagc63
-
MD5
7ec98ffb225893aeee999179ca43380a
-
SHA1
d9ad6d24e771b5c2ebc4b4a70534329abfffe871
-
SHA256
3b99c63e4974eae49eba3ac380fc4c75ba6a4e38cd381a00cc32cee95e7596ad
-
SHA512
9b8e4d9123b1b1686fc88e17e02aa3d05b998ad21f9314cd15b2da8751906bc04c2f749e279d04f3a1a5b40074ed89b33bae749b8e0546f7e665b32ce6dbca05
-
SSDEEP
49152:nC0Fl8v/911bwaEYpdYUVsk3DZGAy55kBsfJGAW6KyWUcPmWQpE:nC0Fl8v/qXYrv5tG9uKJGAWl5N
Behavioral task
behavioral1
Sample
3b99c63e4974eae49eba3ac380fc4c75ba6a4e38cd381a00cc32cee95e7596ad.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
3b99c63e4974eae49eba3ac380fc4c75ba6a4e38cd381a00cc32cee95e7596ad.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
3b99c63e4974eae49eba3ac380fc4c75ba6a4e38cd381a00cc32cee95e7596ad
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Detects executables packed with SmartAssembly
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Scheduled Task/Job: 1