General

  • Target

    47f92f0a7130658a8a48219f0a5157e967aafcbe828d7fd5b6e2189a46baf13e

  • Size

    3.7MB

  • Sample

    240513-zsjn4sde6x

  • MD5

    3aff466445051bd93a7ea3ae519587ef

  • SHA1

    516c1e9da912f6d988146fb812d88bdc7b30588a

  • SHA256

    47f92f0a7130658a8a48219f0a5157e967aafcbe828d7fd5b6e2189a46baf13e

  • SHA512

    3870bd70e038bb27035eec3eb8bd8f88c2bb720f59dd5283e2bc095f540e3ab4d6e991d7a601b4d809d8de7e7592d2010c41cf57b708ea2f42a5323353a8338f

  • SSDEEP

    49152:UbA30nPNSHQAjwNVYyHycT6JYRAwWPScqhWtkOTwol8FxMQFQnSMvTklif/:UbhwTNJytcqgtkzoEOSMvTwif/

Malware Config

Targets

    • Target

      47f92f0a7130658a8a48219f0a5157e967aafcbe828d7fd5b6e2189a46baf13e

    • Size

      3.7MB

    • MD5

      3aff466445051bd93a7ea3ae519587ef

    • SHA1

      516c1e9da912f6d988146fb812d88bdc7b30588a

    • SHA256

      47f92f0a7130658a8a48219f0a5157e967aafcbe828d7fd5b6e2189a46baf13e

    • SHA512

      3870bd70e038bb27035eec3eb8bd8f88c2bb720f59dd5283e2bc095f540e3ab4d6e991d7a601b4d809d8de7e7592d2010c41cf57b708ea2f42a5323353a8338f

    • SSDEEP

      49152:UbA30nPNSHQAjwNVYyHycT6JYRAwWPScqhWtkOTwol8FxMQFQnSMvTklif/:UbhwTNJytcqgtkzoEOSMvTwif/

    • DcRat

      DarkCrystal (DCRat) is a .NET RAT, active since June 2019, that can load additional plugins to extend its functionality.

    • Modifies WinLogon for persistence

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • UAC bypass

    • DCRat payload

      Detects the DCRat payload, which is commonly dropped by NSIS installers.

    • Detects executables packed with SmartAssembly

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check to avoid running in certain regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
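
The entries above are sandbox signature names, each backed by one or two concrete host behaviours (a registry write, a registry read, a DNS lookup). As an added example that is not part of the original report or of the sandbox vendor's own rules, the Python below maps a constructed stream of host telemetry to those same signature names so the persistence, UAC, geofence and external-IP behaviours can be recognised from endpoint data. The `Event` shape, process names, file paths and sample records are constructed for the example; the registry locations are the standard Windows Winlogon, Run/RunOnce, UAC policy and Geo keys, and the IP-lookup host list is a short sample of well-known public services, not an exhaustive one.

```python
"""Map host telemetry to the behavioural signatures of a sandbox report.

Added example, not code from the report or the sandbox vendor. The Event
shape and all sample records below are constructed; the registry paths are
the standard Windows locations the signature names refer to.
"""
from dataclasses import dataclass

# Registry locations behind each signature (lower-case, hklm/hkcu short form).
WINLOGON_KEY = r"hklm\software\microsoft\windows nt\currentversion\winlogon"
WINLOGON_VALUES = {"shell", "userinit"}        # values Windows runs at logon
RUN_KEY_SUFFIXES = (                           # under either HKLM or HKCU
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
)
UAC_POLICY_KEY = r"hklm\software\microsoft\windows\currentversion\policies\system"
UAC_VALUES = {"enablelua", "consentpromptbehavioradmin"}
GEO_KEY = r"hkcu\control panel\international\geo"
# Sample of legitimate public IP-lookup services often contacted by malware.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ip-api.com", "icanhazip.com", "ifconfig.me"}


@dataclass
class Event:
    """One telemetry record (constructed shape). kind is 'reg_set', 'reg_query' or 'dns'."""
    kind: str
    process: str
    target: str        # registry value path (key\value) or DNS query name
    data: str = ""     # value written, for reg_set


def norm(path: str) -> str:
    """Canonicalise a registry path so hive aliases, slashes and case do not matter."""
    p = path.strip().lower().replace("/", "\\")
    p = p.replace("hkey_local_machine", "hklm").replace("hkey_current_user", "hkcu")
    return p.rstrip("\\")


def split_value(path: str):
    """Split a normalised 'key\\value' path into (key, value)."""
    key, _, value = norm(path).rpartition("\\")
    return key, value


def triage(events):
    """Return {signature_name: [evidence, ...]} for the events that match a signature."""
    hits = {}

    def hit(name, ev, note):
        hits.setdefault(name, []).append(f"{ev.process}: {note}")

    for ev in events:
        if ev.kind == "dns":
            if ev.target.lower().rstrip(".") in IP_LOOKUP_HOSTS:
                hit("Looks up external IP address via web service", ev, ev.target)
            continue

        key, value = split_value(ev.target)
        if ev.kind == "reg_set":
            # Shell/Userinit are executed by winlogon at every logon.
            if key == WINLOGON_KEY and value in WINLOGON_VALUES:
                hit("Modifies WinLogon for persistence", ev, f"{value} = {ev.data}")
            elif key.endswith(RUN_KEY_SUFFIXES):
                hit("Adds Run key to start application", ev, f"{value} = {ev.data}")
        elif ev.kind == "reg_query":
            if key == UAC_POLICY_KEY and value in UAC_VALUES:
                hit("Checks whether UAC is enabled", ev, value)
            elif key == GEO_KEY:
                hit("Checks computer location settings", ev, value)
    return hits


# Constructed sample telemetry; process and file names are made up.
SAMPLE_EVENTS = [
    Event("reg_set", "dropper.exe",
          r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
          r"C:\Windows\system32\userinit.exe,C:\Users\Public\update.exe"),
    Event("reg_set", "dropper.exe",
          r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
          r"C:\Users\Public\update.exe"),
    Event("reg_query", "update.exe",
          r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA"),
    Event("reg_query", "update.exe", r"HKCU\Control Panel\International\Geo\Nation"),
    Event("dns", "update.exe", "api.ipify.org"),
    # Benign noise that must not match any signature.
    Event("reg_set", "explorer.exe",
          r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden", "1"),
    Event("dns", "svchost.exe", "www.microsoft.com"),
]

if __name__ == "__main__":
    for name, evidence in triage(SAMPLE_EVENTS).items():
        print(name)
        for line in evidence:
            print("   ", line)
```

The Winlogon match keys on the value name rather than the data, because a legitimate `Userinit` write is rare enough on an endpoint that any change is worth a look; the appended executable after the comma is exactly the kind of evidence the signature is meant to surface. Registry reads (`reg_query`) are not logged by every telemetry source, so the UAC and geofence checks only fire if your sensor records them.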

MITRE ATT&CK Enterprise v15

Tasks