General

Target: Telegold Patch.exe
Size: 7.0MB
Sample: 240619-lwhz4ayapg
MD5: 8a8079f15d2aab647904a45599137f6e
SHA1: 6ba5b4de618405007e5ea55ea75c46b9041de0b9
SHA256: cde859e5bd97108d73250f81322ba53b5ac27464a369ea5e2f99affbb8b4cd8a
SHA512: ca0bb22d1ae0f241598e3cc8763d85c5d459a5d76b27c29a8234f0183938b6866fc3ea9ee43d2b41257ae08c19316ec697d3a89f83d4635f239e102f27fb65a8
SSDEEP: 98304:3c1ezhQ/sb+sX1ZvbeeJZ34Z0FGRABTgtse6vzovkFSZA6nifyf3Yfr7dqDqtI:3thQECsXDjpf3ZkJMFEAJaf3g5tI
Behavioral tasks

behavioral1: sample Telegold Patch.exe, resource win7-20240611-en
behavioral2: sample Telegold Patch.exe, resource win10v2004-20240611-en
behavioral3: sample main.pyc, resource win7-20240221-en
behavioral4: sample main.pyc, resource win10v2004-20240508-en
Malware Config

Targets

Target: Telegold Patch.exe
Size: 7.0MB
Hashes: MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above (same file)
Score: 10/10

Signatures:
- DcRat: DarkCrystal (DC) is a .NET RAT active since June 2019 that can load additional plugins.
- Modifies WinLogon for persistence
- Process spawned unexpected child process: this typically indicates the parent process was compromised via an exploit or macro.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
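The persistence and location-check signatures above are the ones a responder re-checks against the raw registry trace rather than taking on trust. The following is an added example, not part of the sandbox report and not the sample's code: it matches constructed sandbox-style registry events (pid, operation, path) against the Winlogon, Run-key and location-check signatures and maps the hits to the ATT&CK techniques the report lists. The event format, the pid values and the assumption that "Checks computer location settings" refers to a read of HKCU\Control Panel\International\Geo\Nation are all mine.

```python
"""Added triage example (not part of the sandbox report): match sandbox-style
registry events against the persistence and geofence signatures listed above."""
import re
from collections import defaultdict

# Constructed stand-in for a sandbox registry trace, one event per line:
# "<pid> <set|query> <registry path>". These lines are made up for the example.
SAMPLE_EVENTS = r"""
1234 set HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
1234 set HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater
1234 query HKCU\Control Panel\International\Geo\Nation
5678 query HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
5678 set HKCU\Software\Example\Settings\Theme
"""

# signature name -> (path regex, operations that count, ATT&CK technique or None).
# Winlogon Shell/Userinit/Notify and Run/RunOnce are the standard autostart
# locations behind T1547.004 and T1547.001. The Geo\Nation value is an
# assumption about what the location-check signature reads; adjust to the trace.
SIGNATURES = {
    "Modifies WinLogon for persistence": (
        re.compile(r"\\Windows NT\\CurrentVersion\\Winlogon\\(Shell|Userinit|Notify)\b", re.I),
        {"set"}, "T1547.004"),
    "Adds Run key to start application": (
        re.compile(r"\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I),
        {"set"}, "T1547.001"),
    "Checks computer location settings": (
        re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I),
        {"query"}, None),
}


def parse_events(text):
    """Yield (pid, op, path); the path may contain spaces, so split at most twice."""
    for line in text.strip().splitlines():
        pid, op, path = line.split(" ", 2)
        yield int(pid), op.lower(), path


def scan(text):
    """Return {signature name: [(pid, path), ...]} for every event that fires it.
    Only the operations listed for a signature count, so a process merely
    reading Winlogon\\Shell (as many legitimate programs do) is not flagged."""
    hits = defaultdict(list)
    for pid, op, path in parse_events(text):
        for name, (pattern, ops, _technique) in SIGNATURES.items():
            if op in ops and pattern.search(path):
                hits[name].append((pid, path))
    return dict(hits)


def attack_techniques(hits):
    """Sorted ATT&CK technique IDs implied by the signatures that fired."""
    return sorted({SIGNATURES[name][2] for name in hits if SIGNATURES[name][2]})


if __name__ == "__main__":
    found = scan(SAMPLE_EVENTS)
    for name, events in found.items():
        for pid, path in events:
            print(f"[{name}] pid {pid}: {path}")
    print("ATT&CK:", ", ".join(attack_techniques(found)))
```

Run against the constructed trace, pid 1234 trips all three signatures and the two persistence hits map to T1547.004 and T1547.001, matching the report's ATT&CK section; pid 5678's read of Winlogon\Shell is ignored because only a value write counts for that signature.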
Target: main.pyc
Size: 629B
MD5: ac46328573f9241a12a8b95c26a402da
SHA1: a425ed01f94d8c48861adef40717fa196789152e
SHA256: 18fefaffd9df900f4fec9a0aad8bf02ac92e02f77ebf39640d83cc9da09ea532
SHA512: 4c222036709a0fb5db2494f8ab7e4c1fc0b8556692e5078a7f9559fcba097bd7c097bd38200bd41ccc4139b04b44a4f6b0023cdf5ea45ef4bf821cbdccdf23e1
Score: 3/10
MITRE ATT&CK Enterprise v15 (signature hits per technique)

Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Scheduled Task/Job (1)
  - Scheduled Task (1)