General

  • Target

    8c0267fb7146c54c0ed4e7d9e3f98ca0cb5cf483458d7e1d3a2aad6a8e05e94f

  • Size

    1.4MB

  • Sample

    240601-d6asgahb59

  • MD5

    fc786f073330d13422f57de468f48a78

  • SHA1

    105e24769704f2dfefcc2ba8c3d92d3721f3917e

  • SHA256

    8c0267fb7146c54c0ed4e7d9e3f98ca0cb5cf483458d7e1d3a2aad6a8e05e94f

  • SHA512

    9e6d0a6ad44cc30f8b7e1e6109a5b1b4d619d08ffd9ba7512ea4f75acb4a976cebfc94602eb0ce14d0dacb72183964fe360eac4b40ec5f10afd3ef49a24c6c63

  • SSDEEP

    24576:oq7qayjKHvHB5P/0LXEHk+xn9sDvy5XU2:o6qoPADEtxn9k

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • UAC bypass

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Checks whether UAC is enabled
