General
-
Target
8c0267fb7146c54c0ed4e7d9e3f98ca0cb5cf483458d7e1d3a2aad6a8e05e94f
-
Size
1.4MB
-
Sample
240601-d6asgahb59
-
MD5
fc786f073330d13422f57de468f48a78
-
SHA1
105e24769704f2dfefcc2ba8c3d92d3721f3917e
-
SHA256
8c0267fb7146c54c0ed4e7d9e3f98ca0cb5cf483458d7e1d3a2aad6a8e05e94f
-
SHA512
9e6d0a6ad44cc30f8b7e1e6109a5b1b4d619d08ffd9ba7512ea4f75acb4a976cebfc94602eb0ce14d0dacb72183964fe360eac4b40ec5f10afd3ef49a24c6c63
-
SSDEEP
24576:oq7qayjKHvHB5P/0LXEHk+xn9sDvy5XU2:o6qoPADEtxn9k
Behavioral task
behavioral1
Sample
8c0267fb7146c54c0ed4e7d9e3f98ca0cb5cf483458d7e1d3a2aad6a8e05e94f.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
8c0267fb7146c54c0ed4e7d9e3f98ca0cb5cf483458d7e1d3a2aad6a8e05e94f.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
8c0267fb7146c54c0ed4e7d9e3f98ca0cb5cf483458d7e1d3a2aad6a8e05e94f
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1
Bypass User Account Control
1
Scheduled Task/Job
1