General
-
Target
LastActivityView.exe
-
Size
1.8MB
-
Sample
240511-vk1kfabd55
-
MD5
45008c4cc3fc25a5d5184742ae2fe72b
-
SHA1
f5e7b3110df6917df0e07a822c313c52eec335fd
-
SHA256
09d240d54a5458bcc9362ea0f06e23a345b69e196e127462d5f33e8a475ccd57
-
SHA512
3059e4e59cb103f08fd13f776bf65d41b4cfec7a7f6610a2c945e134d4b913185f64bdf357bbc3c52e26da77f9e04a19c121611ad11fb40bf486aade1751e335
-
SSDEEP
24576:J2G/nvxW3WtklQ1yLJg2WGBITqb6YtZuhH6bxzDtR8P56fpjPFWmU:JbA37lQ1FdrqeoAR4NfjSf
Malware Config
Targets
-
-
Target
LastActivityView.exe
-
Size
1.8MB
-
MD5
45008c4cc3fc25a5d5184742ae2fe72b
-
SHA1
f5e7b3110df6917df0e07a822c313c52eec335fd
-
SHA256
09d240d54a5458bcc9362ea0f06e23a345b69e196e127462d5f33e8a475ccd57
-
SHA512
3059e4e59cb103f08fd13f776bf65d41b4cfec7a7f6610a2c945e134d4b913185f64bdf357bbc3c52e26da77f9e04a19c121611ad11fb40bf486aade1751e335
-
SSDEEP
24576:J2G/nvxW3WtklQ1yLJg2WGBITqb6YtZuhH6bxzDtR8P56fpjPFWmU:JbA37lQ1FdrqeoAR4NfjSf
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
UAC bypass
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Scheduled Task/Job
1