General
-
Target
25f24f924e296c9d0bb523f1a52159f138a10505062ea1cf2ee4b17cc7b08ac8
-
Size
3.2MB
-
Sample
240531-yhsctsba7t
-
MD5
a785b1ff3467b61f4506c7022ad13e31
-
SHA1
9f76c04963f2de14f4aaa13dcf9af98f79f89a91
-
SHA256
25f24f924e296c9d0bb523f1a52159f138a10505062ea1cf2ee4b17cc7b08ac8
-
SHA512
ca56b31a25b23de63fc7131788c350f0081c5673fc7456781a93f2ec9852948d5500e5fd06c30924dd6614e7bc2a1bc9346f02e067a06bb4b26c96f70f6ad0c9
-
SSDEEP
49152:nC0Fl8v/911bwaEYpdYUVsk3DZGAy55kBsfJGAW6KyWUcPmWQpE:nC0Fl8v/qXYrv5tG9uKJGAWl5N
Behavioral task
behavioral1
Sample
25f24f924e296c9d0bb523f1a52159f138a10505062ea1cf2ee4b17cc7b08ac8.exe
Resource
win7-20240221-en
Malware Config
Targets
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Detects executables packed with SmartAssembly
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Scheduled Task/Job: 1