General
-
Target
update.exe
-
Size
3.6MB
-
Sample
240622-zshf2stgjc
-
MD5
a6246d26b25397c8423b37072a5324af
-
SHA1
6af1face2a423211499e06a61c1f124c43cc9c75
-
SHA256
a573fd4278d7d2368bbc067fab817358adbdc9150518fc5dbd9c29bbae3b5283
-
SHA512
1bb9b4a32a94d4eadec1f11eb2cd4aba4df119012aaa157c0e3e4733c915015bb983f48ba85b311e5fb7b75bcad3df0264d9b2a31ef85159b9256d771cf0fa40
-
SSDEEP
49152:UbA30Zm7ASeO5KSAktY85Fm4LpZVfMz/ha0E3b5geMsoC8nUV6J8+KxpmctXIw:UbA7ASXKPKBfihanL2VX4cJ8+KxZd
Behavioral task
behavioral1
Sample
update.exe
Resource
win10-20240611-en
Behavioral task
behavioral2
Sample
update.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral3
Sample
update.exe
Resource
win11-20240508-en
Malware Config
Targets
-
-
Target
update.exe
-
Size
3.6MB
-
MD5
a6246d26b25397c8423b37072a5324af
-
SHA1
6af1face2a423211499e06a61c1f124c43cc9c75
-
SHA256
a573fd4278d7d2368bbc067fab817358adbdc9150518fc5dbd9c29bbae3b5283
-
SHA512
1bb9b4a32a94d4eadec1f11eb2cd4aba4df119012aaa157c0e3e4733c915015bb983f48ba85b311e5fb7b75bcad3df0264d9b2a31ef85159b9256d771cf0fa40
-
SSDEEP
49152:UbA30Zm7ASeO5KSAktY85Fm4LpZVfMz/ha0E3b5geMsoC8nUV6J8+KxpmctXIw:UbA7ASXKPKBfihanL2VX4cJ8+KxZd
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Scheduled Task/Job
1Scheduled Task
1