General

  • Target

    1610d005e2af505e573a49eecd7dadb7.exe

  • Size

    1.3MB

  • Sample

    240523-fkpqlsee28

  • MD5

    1610d005e2af505e573a49eecd7dadb7

  • SHA1

    a1ddc7111c710191d364cfba6943d8be87d4f454

  • SHA256

    0f0009550ad8a696b79efaddb21f8ce26236c5c302c5159e0af3d7fe75b57fd3

  • SHA512

    5bd3f7ca3359e0fbe8e6b6d2ff9f007cdc2c19325c2bc24194814fe2d72fef32104d1739a6f37f4ca94a3779ee1715ec25f50e8c4dc8bac8e8397813b73feda8

  • SSDEEP

    24576:xALTck+Rs8xdbtVhrETeQ35YaUccQEt5bSCi03FAx:xAnc1xQTeQ1ULi0

Malware Config

Targets

    • Target

      1610d005e2af505e573a49eecd7dadb7.exe

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, that is capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

  • Execution

    Scheduled Task/Job (T1053): 1

  • Persistence

    Scheduled Task/Job (T1053): 1

  • Privilege Escalation

    Scheduled Task/Job (T1053): 1

  • Credential Access

    Unsecured Credentials (T1552): 1
    Credentials In Files (T1552.001): 1

  • Discovery

    Query Registry (T1012): 2
    System Information Discovery (T1082): 2

  • Collection

    Data from Local System (T1005): 1

Tasks