General
-
Target
2e2e24e2755fdee1042cadb7d15e9fd0d8770efb0d8cb7e9a5d7c491fb4c8bcf
-
Size
315KB
-
Sample
240622-yrv53ssdlh
-
MD5
b488e1ee7589d1e0640c59fe63cdc1a7
-
SHA1
d1f319c3c804423c05f81b0910fc657561d5529d
-
SHA256
2e2e24e2755fdee1042cadb7d15e9fd0d8770efb0d8cb7e9a5d7c491fb4c8bcf
-
SHA512
a9787404248c964d3fceaeb41129e31f4c73d7885b6a3e751647aebf6079ad1e6e4a994ff735596c9ce83abce2a453a76b79d1c0bab23f1ecb0574b0b5b3d65e
-
SSDEEP
6144:p/7y2oo7KE/VHIdAc467rZ2otGQx+gdciEQzkx4ufdx4bnr9u:pG2N7V9YAceotbuQomUdxKZ
Behavioral task
behavioral1
Sample
2e2e24e2755fdee1042cadb7d15e9fd0d8770efb0d8cb7e9a5d7c491fb4c8bcf.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
2e2e24e2755fdee1042cadb7d15e9fd0d8770efb0d8cb7e9a5d7c491fb4c8bcf.exe
Resource
win10v2004-20240611-en
Malware Config
Targets
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Modifies WinLogon for persistence
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (2)
Registry Run Keys / Startup Folder (1)
Winlogon Helper DLL (1)
Scheduled Task/Job (1)
Scheduled Task (1)