General
-
Target
a7efa1a450a8e594e78db49b8e496dfb.bin
-
Size
2.4MB
-
Sample
240423-ysff1sbd89
-
MD5
b1fe5eeb6293f2744b56acab9658a62e
-
SHA1
4a7595ead2335c0b3a38471e68e04e6d62d597e3
-
SHA256
8ada05694d1491267ea4dae764af31437172eed243c7afb9b2d3332db995c2ef
-
SHA512
2bcad31909f4c557deaf7973a2afc20f16af7069907cf40ade71238de624de5e1e67de0f98c4ca4e9588107c95e6fe8c12814c283799680bbc15fbd4cea762d7
-
SSDEEP
49152:tiklOVcHjeYUDQyr0cZ/C8fbCsvVlty02+foskT55hDLY4qmH3pYCkvJ2AcAJv:j5HjeYaecz20Vlty09Q55hDLPqY3gJZZ
Static task
static1
Behavioral task
behavioral1
Sample
460e3932c1f76c83aeb5f294a84c5a2343d05bf40afadd3edae8c561f26f9ab3.exe
Resource
win11-20240412-en
Malware Config
Targets
-
Target
460e3932c1f76c83aeb5f294a84c5a2343d05bf40afadd3edae8c561f26f9ab3.exe
-
Size
3.2MB
-
MD5
a7efa1a450a8e594e78db49b8e496dfb
-
SHA1
f4f830b132f8ee15eee245581670498c9b3bf942
-
SHA256
460e3932c1f76c83aeb5f294a84c5a2343d05bf40afadd3edae8c561f26f9ab3
-
SHA512
4aa1220b16c1fa32ede5ab7fd7ab0174d0cfb8f556e3798255d9f2a6e284fc3eb5860084297c26b06f94bbe2c62f8d6853c4b39ac7fae407496417b6a4c66b21
-
SSDEEP
49152:Xdh7FqRrDLaRmdx3GfjfWnS3zu/zocfRKoLNdCQDGLZlEb9GxL8T:xEGRmP3w6nazu/zdfR3dCQDUZnxgT
-
DcRat
DarkCrystal RAT (DcRat) is a .NET remote access trojan, active since June 2019, that can load additional plugins at runtime.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
Sets file execution options in registry
-
Executes dropped EXE
-
Registers COM server for autorun
-
Unexpected DNS network traffic destination
Traffic on the DNS port (53) was sent to servers other than the DNS servers configured on the analysis machine.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
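Three of the signatures above (the unexpected child process, the Image File Execution Options write, and the DNS-port traffic to a non-configured resolver) are simple enough to restate as detection logic. The block below is an added example, not the sandbox's own rule code: it evaluates those three checks over a constructed event list. The parent-process set, the configured resolver address 10.127.0.1, and every path and IP in the events are assumptions made for the example.

```python
import ntpath
import re

# Parents that, in a normal session, do not launch other executables; a child of
# one of these is the "unexpected child process" pattern (exploit or macro).
# Assumed set for this example, not the sandbox's actual list.
NO_CHILD_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe",
                    "outlook.exe", "acrord32.exe"}

# Matches both the native and the WOW6432Node IFEO key, capturing the target exe.
IFEO_KEY = re.compile(r"\\image file execution options\\([^\\]+)$", re.IGNORECASE)

# Constructed sandbox-style events; paths and addresses are invented.
EVENTS = [
    {"type": "process", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Users\Admin\Desktop\sample.exe"},
    {"type": "process", "parent": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "image": r"C:\Windows\System32\cmd.exe"},
    {"type": "registry", "op": "set",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe",
     "value": "Debugger", "data": r"C:\Users\Admin\AppData\Roaming\update.exe"},
    {"type": "registry", "op": "set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "update", "data": r"C:\Users\Admin\AppData\Roaming\update.exe"},
    {"type": "network", "proto": "udp", "dst": "10.127.0.1", "dport": 53},
    {"type": "network", "proto": "udp", "dst": "1.1.1.1", "dport": 53},
    {"type": "network", "proto": "tcp", "dst": "203.0.113.10", "dport": 443},
]


def unexpected_children(events, no_child_parents=NO_CHILD_PARENTS):
    """Return (parent, child) pairs where the parent should never spawn processes."""
    hits = []
    for e in events:
        if e["type"] != "process":
            continue
        parent = ntpath.basename(e["parent"]).lower()
        if parent in no_child_parents:
            hits.append((parent, ntpath.basename(e["image"]).lower()))
    return hits


def ifeo_debuggers(events):
    """Return (target exe, debugger path) for IFEO 'Debugger' writes.

    Windows launches the Debugger value instead of the named program, so this
    doubles as persistence and as a way to hijack a legitimate binary."""
    hits = []
    for e in events:
        if e["type"] != "registry" or e.get("op") != "set":
            continue
        m = IFEO_KEY.search(e["key"])
        if m and e["value"].lower() == "debugger":
            hits.append((m.group(1).lower(), e["data"]))
    return hits


def unexpected_dns_destinations(events, configured_dns):
    """Return port-53 destinations that are not the resolvers the VM was given."""
    configured = {ip.lower() for ip in configured_dns}
    return sorted({e["dst"] for e in events
                   if e["type"] == "network" and e["dport"] == 53
                   and e["dst"].lower() not in configured})


def run_signatures(events, configured_dns=("10.127.0.1",)):
    """Evaluate all three checks; keys mirror the report's signature titles."""
    return {
        "Process spawned unexpected child process": unexpected_children(events),
        "Sets file execution options in registry": ifeo_debuggers(events),
        "Unexpected DNS network traffic destination":
            unexpected_dns_destinations(events, configured_dns),
    }


if __name__ == "__main__":
    for name, findings in run_signatures(EVENTS).items():
        print(f"{name}: {findings or 'no hits'}")
```

The DNS check deliberately keys on the port rather than the protocol, since a RAT that tunnels C2 over TCP/53 to its own server triggers the same signature as a UDP lookup sent to a public resolver; telling the two apart needs the payload, which this check does not look at.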
-
MITRE ATT&CK Matrix (ATT&CK v13), technique hit counts in parentheses
Persistence
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (2)
  Scheduled Task/Job (1)
Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (2)
  Scheduled Task/Job (1)
Defense Evasion
  Modify Registry (2)
  Subvert Trust Controls (1)
    Install Root Certificate (1)