General
-
Target
8ce6b9b905b77768b4806c491d303784d9ba8513c4616e07b8f7a75553a0d40f.exe
-
Size
3.1MB
-
Sample
240618-wefhraxgml
-
MD5
50041c9d3b476dda21ed199fdf346aaf
-
SHA1
5a73df246d5b9970f9c445127651b62ed502a375
-
SHA256
8ce6b9b905b77768b4806c491d303784d9ba8513c4616e07b8f7a75553a0d40f
-
SHA512
16440fb313281c9da99370cf05a433a28af41ac6a34692b7b31254e61b7af53c6b903fa9a885a33263d931b8246de307b14ffe0a24a6f30f8c16612b9b48c730
-
SSDEEP
49152:cqmwdl594cJ2gdv4B2lvBX/5LcB14vpKuoeZyZSP1RcvsjBux22wGVLf4O:cqHdnBJDkYBX/5LUivpKuoAqcQx2KL9
Behavioral task
behavioral1
Sample
8ce6b9b905b77768b4806c491d303784d9ba8513c4616e07b8f7a75553a0d40f.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
8ce6b9b905b77768b4806c491d303784d9ba8513c4616e07b8f7a75553a0d40f.exe
Resource
win10v2004-20240611-en
Malware Config
Targets
-
-
Target
8ce6b9b905b77768b4806c491d303784d9ba8513c4616e07b8f7a75553a0d40f.exe
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Scheduled Task/Job (1)
Scheduled Task (1)