General
-
Target
c7d3a9e1c14ce6fa9ddc47c32098a798100a765a5fb8ffab6f49d9e6fb1f61d8
-
Size
1.2MB
-
Sample
240512-dyy54aeb7t
-
MD5
373dd03a991ad6f503798d8570c7fe5c
-
SHA1
93070f297b0f28f0ff66deb0de540e8ab2e8ce32
-
SHA256
c7d3a9e1c14ce6fa9ddc47c32098a798100a765a5fb8ffab6f49d9e6fb1f61d8
-
SHA512
f50e23cdae54d334f4d58a33f4dc7ceba1d9c248a50adb523b1cc91ef2b18a5e0a6c739b9816850b4c42dc4ca5c7d5bb3e6c6add3b6e5237094c4b9725277b4f
-
SSDEEP
24576:tR28aergLxCcjZGKCKFuTBHNWdd2HAxWnUDTJ/yS3Rh:zJaDKf4p4UD1v
Behavioral task
behavioral1
Sample
c7d3a9e1c14ce6fa9ddc47c32098a798100a765a5fb8ffab6f49d9e6fb1f61d8.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
c7d3a9e1c14ce6fa9ddc47c32098a798100a765a5fb8ffab6f49d9e6fb1f61d8.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
c7d3a9e1c14ce6fa9ddc47c32098a798100a765a5fb8ffab6f49d9e6fb1f61d8
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Detects executables containing base64 encoded gzip files
-
Detects executables packed with SmartAssembly
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Scheduled Task/Job (1)