General
-
Target
7eb1b5299df8045f5ac2c50a6bb0886bff3d4bb1d7eac97f4a9890451b0a3eaf
-
Size
3.2MB
-
Sample
240513-23gzdahh68
-
MD5
5e11b7a6246841f5c8dc76aa757e0613
-
SHA1
44125a86ecdd8fe8cb0261b4ce79b1fc4b61d639
-
SHA256
7eb1b5299df8045f5ac2c50a6bb0886bff3d4bb1d7eac97f4a9890451b0a3eaf
-
SHA512
2d8f81567cf50ec22fb577e01cdf123e2da0a13380691133a3f5e01fb989db37d3ff25fff12e5a3d8cd133d13e96c2bad14ae488ce2689e6fdb050fbb9252cf0
-
SSDEEP
49152:/C0Fl8v/911bwaEYpdYUVsk3DZGAy55kBsfJGAW6KyWUcPmWQpE:/C0Fl8v/qXYrv5tG9uKJGAWl5N
Behavioral task
behavioral1
Sample
7eb1b5299df8045f5ac2c50a6bb0886bff3d4bb1d7eac97f4a9890451b0a3eaf.exe
Resource
win7-20240215-en
Malware Config
Targets
-
-
Target
7eb1b5299df8045f5ac2c50a6bb0886bff3d4bb1d7eac97f4a9890451b0a3eaf
-
Size
3.2MB
-
MD5
5e11b7a6246841f5c8dc76aa757e0613
-
SHA1
44125a86ecdd8fe8cb0261b4ce79b1fc4b61d639
-
SHA256
7eb1b5299df8045f5ac2c50a6bb0886bff3d4bb1d7eac97f4a9890451b0a3eaf
-
SHA512
2d8f81567cf50ec22fb577e01cdf123e2da0a13380691133a3f5e01fb989db37d3ff25fff12e5a3d8cd133d13e96c2bad14ae488ce2689e6fdb050fbb9252cf0
-
SSDEEP
49152:/C0Fl8v/911bwaEYpdYUVsk3DZGAy55kBsfJGAW6KyWUcPmWQpE:/C0Fl8v/qXYrv5tG9uKJGAWl5N
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Detects executables packed with SmartAssembly
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Scheduled Task/Job
1