General
- Target: test.exe
- Size: 154KB
- Sample: 240622-rsp7ws1fpg
- MD5: 888cffc8e5f72b2a4ea416b028af87c9
- SHA1: eb520fc0c91d329f98568452fff0dd985c37556a
- SHA256: 3d0ddd3c8dccf9b68e2fb3d751e555f2b92e84d89d04caaf6b819439e8147431
- SHA512: 365ffd1a32cc7ae193bf298d79af35ef2c5e567630e34783b490902fd744f24a43a1fa0f5d89f18f96d88ec23eef30aaab363d9563fb91bf316264ee02bcf89e
- SSDEEP: 3072:uahKyd2n31J5GWp1icKAArDZz4N9GhbkrNEk1hT:uahOlp0yN90QEq
Static task: static1
Behavioral task: behavioral1
- Sample: test.exe
- Resource: win10v2004-20240611-en
Malware Config
Targets
Score: 10/10
- DcRat: DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
- Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Execution
- Command and Scripting Interpreter (1)
- PowerShell (1)
- Scheduled Task/Job (1)
- Scheduled Task (1)
Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)
- Scheduled Task (1)