General
Target
LunarClient.exe
Size
1.7MB
Sample
240623-spk97szbll
MD5
9ed416dd7d2703d7025b67964ceaa618
SHA1
a8cd8d8dde51b3df56967635b63e7190debe38d5
SHA256
88436e50ecbe11ba2bc79af72ab1e5d774e2217feee9e10f077216a5d530ab7c
SHA512
02736235fad8e993c8c5a047bdab5af817c0efd81c39a13fecdca10df25f188503404ddbadfee93bbe1442acd7d63801f379bdd4a6143e75189dde5375dd7c5c
SSDEEP
24576:V2G/nvxW3WUmnzqXrUG+0EndmO35gHz/EXrcpfU00H6N3RZYcq48yP2Ycl1uEzL:VbA3G+Xu3ndxKccpfUb620P8lF
Behavioral task
behavioral1
Sample
LunarClient.exe
Resource
win10-20240404-en
Malware Config
Targets
Target
LunarClient.exe
Score
10/10
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Downloads MZ/PE file
Executes dropped EXE
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Scheduled Task/Job: 1
Scheduled Task: 1