General

Target: fe19b21819601fec7281be0f74c46c321b2c8115af1ba7e66e490863e4c240a2
Size: 3.2MB
Sample: 240515-f293wabc96
MD5: 438789fc2753a3a41d1704542bf93769
SHA1: 81a6c969c14fc47a15d2574cfb63dee2cbcbf12c
SHA256: fe19b21819601fec7281be0f74c46c321b2c8115af1ba7e66e490863e4c240a2
SHA512: c2ae311e1d852759bcfcc3ad0d0daac2e702a8f95065ce71f6eb104d116cadcbacb6b775c0b646d5f57ec1d2463d3c1749803b1416caa75de5b30a03430e329c
SSDEEP: 98304:2smfE8eD0M782w1JSdvi199xP9/ecsFjPSz:2QNBY2S99xl

Behavioral task: behavioral1
Sample: fe19b21819601fec7281be0f74c46c321b2c8115af1ba7e66e490863e4c240a2.exe
Resource: win7-20240221-en
Malware Config
Targets
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Detects executables packed with SmartAssembly

Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Executes dropped EXE

MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Scheduled Task/Job: 1