General

  • Target

    c052c666088c246a5e15c88190b68cb1a3d70974396bfbe5e075d7e12d4522ad

  • Size

    3.3MB

  • Sample

    240619-db116ssejc

  • MD5

    bfa95bec512a100511e4f1e90189594c

  • SHA1

    5491655abcbe56963ff489b8181bacebd2873e07

  • SHA256

    c052c666088c246a5e15c88190b68cb1a3d70974396bfbe5e075d7e12d4522ad

  • SHA512

    be1f4da54c40d874cd47687e6578b978c2ea45f0ffe31c171db4e8cf67a84aa172844333bb028bd0e042f38f75bafa22522ce6572b6b53472d817a208258212b

  • SSDEEP

    49152:6PAT5v5Ilvgss/W+dvuTIfw0LgaTNzvl95mLDQbMa4wT47Zu+lIK7sYPkoIX:6G5es/HUT0MahzlnZ4wT4VBIZYPko

Targets

    • DcRat

      DarkCrystal (DC) is a .NET RAT, active since June 2019, that is capable of loading additional plugins.

    • Modifies WinLogon for persistence

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • UAC bypass

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Detects executables packed with SmartAssembly

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Checks whether UAC is enabled
