General
Target: 1b51ff621a2b2e38221dae30e1f05cbc5f96e4e9d7f86e3ba24e9f150b0db57b
Size: 2.0MB
Sample: 240424-x55q1afh4t
MD5: 01ebdf507594d9545e4ae78ac93cc891
SHA1: 47a1a68b473d9259463ec6db16ed86e4844269d5
SHA256: 1b51ff621a2b2e38221dae30e1f05cbc5f96e4e9d7f86e3ba24e9f150b0db57b
SHA512: 519bf3d0e0d047107ee51962c74268e1ce229f6136c1228bd9613bc02027ac701d35ad9f73d7c6a0378475d2da3d68cc8bbd255c289e6b36c4bdecb2fbba66db
SSDEEP: 49152:fgylO+adjZ+RWMK8Fha66hwJVTxsjbSDDW5d1:fPOxdjrI7txbDW

Behavioral task: behavioral1
Sample: 1b51ff621a2b2e38221dae30e1f05cbc5f96e4e9d7f86e3ba24e9f150b0db57b.exe
Resource: win7-20240220-en

Behavioral task: behavioral2
Sample: 1b51ff621a2b2e38221dae30e1f05cbc5f96e4e9d7f86e3ba24e9f150b0db57b.exe
Resource: win10v2004-20240412-en

Malware Config
Targets
Score: 10/10

DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Detects executables packed with SmartAssembly

Drops file in Drivers directory

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Scheduled Task/Job: 1