General
Target: c052c666088c246a5e15c88190b68cb1a3d70974396bfbe5e075d7e12d4522ad
Size: 3.3MB
Sample: 240619-db116ssejc
MD5: bfa95bec512a100511e4f1e90189594c
SHA1: 5491655abcbe56963ff489b8181bacebd2873e07
SHA256: c052c666088c246a5e15c88190b68cb1a3d70974396bfbe5e075d7e12d4522ad
SHA512: be1f4da54c40d874cd47687e6578b978c2ea45f0ffe31c171db4e8cf67a84aa172844333bb028bd0e042f38f75bafa22522ce6572b6b53472d817a208258212b
SSDEEP: 49152:6PAT5v5Ilvgss/W+dvuTIfw0LgaTNzvl95mLDQbMa4wT47Zu+lIK7sYPkoIX:6G5es/HUT0MahzlnZ4wT4VBIZYPko
Behavioral task: behavioral1
Sample: c052c666088c246a5e15c88190b68cb1a3d70974396bfbe5e075d7e12d4522ad.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: c052c666088c246a5e15c88190b68cb1a3d70974396bfbe5e075d7e12d4522ad.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Modifies WinLogon for persistence

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Detects executables packed with SmartAssembly

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (2)
  Registry Run Keys / Startup Folder (1)
  Winlogon Helper DLL (1)
Scheduled Task/Job (1)
  Scheduled Task (1)
Privilege Escalation
Abuse Elevation Control Mechanism (1)
  Bypass User Account Control (1)
Boot or Logon Autostart Execution (2)
  Registry Run Keys / Startup Folder (1)
  Winlogon Helper DLL (1)
Scheduled Task/Job (1)
  Scheduled Task (1)