General
-
Target
AgE312YolF45.exe
-
Size
2.0MB
-
Sample
240620-rswdxawgjn
-
MD5
3c85f943f1f46c62c996d02b335ead81
-
SHA1
d19a217efea23a93c24541c0027e2bb19a32a148
-
SHA256
3f55ade4a555c326fc309c8478b1abe8acb9d24ca3496d5a3e65256c35b81ee7
-
SHA512
24220be76b6723f87c8a3b690d1ef3f876682e6fd156f5dc087d88ca7d1e020e6171354838ece2952341835babf63e51f4bd89626a2420f730b524787be34b8b
-
SSDEEP
24576:u2G/nvxW3WieCYSoWse8bvSGOkDSqMdxcXZLE2XTo6+2lXgW8/ezB8diUV6gwvB+:ubA3jYSovbvSXqGsLw6RXRgBdF6rZYdt
Malware Config
Targets
-
-
Target
AgE312YolF45.exe
-
Size
2.0MB
-
MD5
3c85f943f1f46c62c996d02b335ead81
-
SHA1
d19a217efea23a93c24541c0027e2bb19a32a148
-
SHA256
3f55ade4a555c326fc309c8478b1abe8acb9d24ca3496d5a3e65256c35b81ee7
-
SHA512
24220be76b6723f87c8a3b690d1ef3f876682e6fd156f5dc087d88ca7d1e020e6171354838ece2952341835babf63e51f4bd89626a2420f730b524787be34b8b
-
SSDEEP
24576:u2G/nvxW3WieCYSoWse8bvSGOkDSqMdxcXZLE2XTo6+2lXgW8/ezB8diUV6gwvB+:ubA3jYSovbvSXqGsLw6RXRgBdF6rZYdt
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
UAC bypass
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Scheduled Task/Job
1Scheduled Task
1