General
-
Target
7ce25c8e4134782b2c23d136157a2a6a37884352910db11fee3acf71e5db7c47
-
Size
1.2MB
-
Sample
240513-2zh29shg55
-
MD5
7b05cf7f9e8162f55d50f10f711df29a
-
SHA1
6c077351d11f6069067d69b6ece6d0989e972c99
-
SHA256
7ce25c8e4134782b2c23d136157a2a6a37884352910db11fee3acf71e5db7c47
-
SHA512
275b2d3680a92510c0a72c5e369c5c2ca57be94b71e4c668a8be9874b85bf084a6d065973cfce685580ed123adfba95373338c0b2009be86399afcd4c7c1a0d8
-
SSDEEP
24576:VR28aergLxCcjZGKCKFuTBHNWdd2HAxWnUDTJ/yS3Rh:bJaDKf4p4UD1v
Behavioral task
behavioral1
Sample
7ce25c8e4134782b2c23d136157a2a6a37884352910db11fee3acf71e5db7c47.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
7ce25c8e4134782b2c23d136157a2a6a37884352910db11fee3acf71e5db7c47.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
7ce25c8e4134782b2c23d136157a2a6a37884352910db11fee3acf71e5db7c47
-
Size
1.2MB
-
MD5
7b05cf7f9e8162f55d50f10f711df29a
-
SHA1
6c077351d11f6069067d69b6ece6d0989e972c99
-
SHA256
7ce25c8e4134782b2c23d136157a2a6a37884352910db11fee3acf71e5db7c47
-
SHA512
275b2d3680a92510c0a72c5e369c5c2ca57be94b71e4c668a8be9874b85bf084a6d065973cfce685580ed123adfba95373338c0b2009be86399afcd4c7c1a0d8
-
SSDEEP
24576:VR28aergLxCcjZGKCKFuTBHNWdd2HAxWnUDTJ/yS3Rh:bJaDKf4p4UD1v
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Detects executables containing bas64 encoded gzip files
-
Detects executables packed with SmartAssembly
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Scheduled Task/Job
1