General
-
Target
7604064e06f90a2ba18f05d4b1125f183f5dc8cec00c5c8a9d5676513b09bee2
-
Size
3.2MB
-
Sample
240424-296w3sbd8v
-
MD5
8d70de80fa2b63ef527475c0c3972f9d
-
SHA1
0906b4778756585a10f9855134df8a21368abd07
-
SHA256
7604064e06f90a2ba18f05d4b1125f183f5dc8cec00c5c8a9d5676513b09bee2
-
SHA512
eaab187241ffafc465a8c9cf21b205e094aaf6d4bd9ae4ba96a54b3e1de50acc11e67c461ee766b204cb03030d542d2c5fd918d895a5b380e6ec407ad399c1d0
-
SSDEEP
49152:nC0Fl8v/911bwaEYpdYUVsk3DZGAy55kBsfJGAW6KyWUcPmWQpE:nC0Fl8v/qXYrv5tG9uKJGAWl5N
Behavioral task
behavioral1
Sample
7604064e06f90a2ba18f05d4b1125f183f5dc8cec00c5c8a9d5676513b09bee2.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
7604064e06f90a2ba18f05d4b1125f183f5dc8cec00c5c8a9d5676513b09bee2.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
7604064e06f90a2ba18f05d4b1125f183f5dc8cec00c5c8a9d5676513b09bee2
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Detects executables packed with SmartAssembly
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
MITRE ATT&CK Matrix
ATT&CK v13
Privilege Escalation
Abuse Elevation Control Mechanism
1
Bypass User Account Control
1
Scheduled Task/Job
1