General
- Target: 8d31ae46e123de0d23937d664298428e37b45a7a135a95d73f5887779ee48710.exe
- Size: 1.5MB
- Sample: 240601-exbtvahf9v
- MD5: 0a32536cc1d5e2a35d7d289b4ff0e76b
- SHA1: 98736b0b5a6f3709f81365c9e6477819074c3170
- SHA256: 8d31ae46e123de0d23937d664298428e37b45a7a135a95d73f5887779ee48710
- SHA512: b2d5d91eb7ecfc6eb295c63ecba5c3ceb4b4a865fc9a9f90bd1e82bff4bc39905baf9ab2962580ee708761632e5499694f3f823aa2f139bce809398262eb3b73
- SSDEEP: 24576:0Q1yLJg2WGBITqb6YtZuhH6bxzDtR8P56fpjPFWm:0Q1FdrqeoAR4NfjS
Behavioral task: behavioral1
- Sample: 8d31ae46e123de0d23937d664298428e37b45a7a135a95d73f5887779ee48710.exe
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 8d31ae46e123de0d23937d664298428e37b45a7a135a95d73f5887779ee48710.exe
- Resource: win10v2004-20240426-en
Malware Config
Targets
- Target: 8d31ae46e123de0d23937d664298428e37b45a7a135a95d73f5887779ee48710.exe
Score: 10/10
- DcRat: DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
- Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
- Bypass User Account Control (1)
- Scheduled Task/Job (1)