General
-
Target
19d8a91e9b3652cfc0bb5165e5c3ff52.exe
-
Size
1.5MB
-
Sample
240425-1z2zpsfg97
-
MD5
19d8a91e9b3652cfc0bb5165e5c3ff52
-
SHA1
649f59eae10939df994db941aabc1fb78f6a0aae
-
SHA256
a7026eb135336fc541bb8cf376de89754873bfe36cba3098fbd6bdfb8c22a89d
-
SHA512
903c11934123b6d13783f1724ff1522eb88fe41e75855d1e8761a5d06326bdc3f250986f0a2de7d126e0189776b3418f19dbf0bb3aaaeef6cd3db2a9484ebb19
-
SSDEEP
24576:ZJOKkuLgnh7L7yK7YxIEsNmvvEiobrjDxKg5EPavsasRbPfyRAm3TXPoehNWRJd5:ZWi0Dx80zem3rgMNfMJc7qKV
Behavioral task
behavioral1
Sample
19d8a91e9b3652cfc0bb5165e5c3ff52.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
19d8a91e9b3652cfc0bb5165e5c3ff52.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Scheduled Task/Job (1)