General

  • Target

    Telegold Patch.exe

  • Size

    7.0MB

  • Sample

    240619-lwhz4ayapg

  • MD5

    8a8079f15d2aab647904a45599137f6e

  • SHA1

    6ba5b4de618405007e5ea55ea75c46b9041de0b9

  • SHA256

    cde859e5bd97108d73250f81322ba53b5ac27464a369ea5e2f99affbb8b4cd8a

  • SHA512

    ca0bb22d1ae0f241598e3cc8763d85c5d459a5d76b27c29a8234f0183938b6866fc3ea9ee43d2b41257ae08c19316ec697d3a89f83d4635f239e102f27fb65a8

  • SSDEEP

    98304:3c1ezhQ/sb+sX1ZvbeeJZ34Z0FGRABTgtse6vzovkFSZA6nifyf3Yfr7dqDqtI:3thQECsXDjpf3ZkJMFEAJaf3g5tI

Malware Config

Targets

    • Target

      Telegold Patch.exe

    • Size

      7.0MB

    • MD5

      8a8079f15d2aab647904a45599137f6e

    • SHA1

      6ba5b4de618405007e5ea55ea75c46b9041de0b9

    • SHA256

      cde859e5bd97108d73250f81322ba53b5ac27464a369ea5e2f99affbb8b4cd8a

    • SHA512

      ca0bb22d1ae0f241598e3cc8763d85c5d459a5d76b27c29a8234f0183938b6866fc3ea9ee43d2b41257ae08c19316ec697d3a89f83d4635f239e102f27fb65a8

    • SSDEEP

      98304:3c1ezhQ/sb+sX1ZvbeeJZ34Z0FGRABTgtse6vzovkFSZA6nifyf3Yfr7dqDqtI:3thQECsXDjpf3ZkJMFEAJaf3g5tI

    • DcRat

      DarkCrystal RAT (DCRat) is a .NET remote access trojan, active since June 2019, that can load additional plugins at runtime.

    • Modifies WinLogon for persistence

    • Process spawned unexpected child process

      This typically indicates that the parent process was compromised via an exploit or a macro.

    • DCRat payload

      Detects the DCRat payload, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Target

      main.pyc

    • Size

      629B

    • MD5

      ac46328573f9241a12a8b95c26a402da

    • SHA1

      a425ed01f94d8c48861adef40717fa196789152e

    • SHA256

      18fefaffd9df900f4fec9a0aad8bf02ac92e02f77ebf39640d83cc9da09ea532

    • SHA512

      4c222036709a0fb5db2494f8ab7e4c1fc0b8556692e5078a7f9559fcba097bd7c097bd38200bd41ccc4139b04b44a4f6b0023cdf5ea45ef4bf821cbdccdf23e1

    Score
    3/10
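As an added triage example (not part of this report), the Python below re-hashes a local copy of the sample against the digests listed above and scans a registry export for the Winlogon and Run-key changes that the "Modifies WinLogon for persistence" and "Adds Run key to start application" signatures describe. The registry export, the value names and the file paths in it are constructed for illustration, not captured from this analysis; ssdeep is omitted because it needs the third-party ssdeep module.

```python
"""Triage helpers for a DCRat-style sample: verify a local file against the
report's digests, then look for Winlogon/Run-key persistence in a .reg export.
Added example; SAMPLE_REG below is constructed, not taken from the detonation."""
import hashlib
import re
import sys

# Digests the report lists for Telegold Patch.exe.
REPORTED = {
    "md5": "8a8079f15d2aab647904a45599137f6e",
    "sha1": "6ba5b4de618405007e5ea55ea75c46b9041de0b9",
    "sha256": "cde859e5bd97108d73250f81322ba53b5ac27464a369ea5e2f99affbb8b4cd8a",
    "sha512": "ca0bb22d1ae0f241598e3cc8763d85c5d459a5d76b27c29a8234f0183938b6866fc3ea9ee43d2b41257ae08c19316ec697d3a89f83d4635f239e102f27fb65a8",
}

# Stock values on a clean Windows install; anything beyond these is suspect.
WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
WINLOGON_DEFAULTS = {"shell": "explorer.exe",
                     "userinit": r"c:\windows\system32\userinit.exe,"}
RUN_KEYS = ("\\currentversion\\run", "\\currentversion\\runonce")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")


def compute_hashes(data: bytes) -> dict:
    """Hex digests of data for every algorithm the report lists (minus ssdeep)."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes, reported: dict) -> dict:
    """Per-algorithm True/False: does the local file match the reported digest?"""
    actual = compute_hashes(data)
    return {name: actual[name] == digest.lower() for name, digest in reported.items()}


def parse_reg_export(text: str) -> dict:
    """Parse a .reg export into {key_path_lower: {value_name_lower: value}}."""
    tree, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            tree.setdefault(current, {})
        elif current and "=" in line:
            m = re.match(r'^(?:"([^"]*)"|@)=(.*)$', line)
            if m:
                name = (m.group(1) or "@").lower()
                value = m.group(2).strip()
                if value.startswith('"') and value.endswith('"'):
                    value = value[1:-1].replace("\\\\", "\\")  # .reg escapes backslashes
                tree[current][name] = value
    return tree


def find_persistence(reg_text: str) -> list:
    """Findings mirroring the Winlogon and Run-key signatures, in export order."""
    findings = []
    for key, values in parse_reg_export(reg_text).items():
        if key == WINLOGON:
            for name, default in WINLOGON_DEFAULTS.items():
                actual = values.get(name, "")
                if actual and actual.lower() != default:
                    findings.append(f"winlogon:{name}={actual}")
        elif key.endswith(RUN_KEYS):
            for name, target in values.items():
                flag = "run-key"
                if any(p in target.lower() for p in USER_WRITABLE):
                    flag += ":user-writable-path"
                findings.append(f"{flag}:{name}={target}")
    return findings


# Constructed export: Userinit extended with a dropped EXE, plus a Run entry
# under the user's AppData (typical of a dropper's persistence, not captured here).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\Public\\svchost.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Users\\user\\AppData\\Roaming\\Updater\\updater.exe"
'''

if __name__ == "__main__":
    # Usage: python triage.py <local copy of sample> [exported.reg]
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(matches_report(fh.read(), REPORTED))
    reg = open(sys.argv[2]).read() if len(sys.argv) > 2 else SAMPLE_REG
    for finding in find_persistence(reg):
        print(finding)
```

Run it against the sample you actually hold before trusting any conclusion from this report; a mismatch on even one digest means you are looking at a different build. The Winlogon check compares against stock values rather than blocklisting paths, so a value that is merely "longer than default" is caught even when the appended binary lives somewhere unexpected.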

MITRE ATT&CK Enterprise v15

Tasks