General

  • Target

    AIO checker 2024.rar

  • Size

    12.5MB

  • Sample

    240712-hjkflsvdnd

  • MD5

    82223fc5262e46c1d5d8f07bc3f45fc4

  • SHA1

    89bb073f7e80328123328826b733e07ed70b605d

  • SHA256

    478cbc06db0d5237d0d13e57ba94ec9d2e9ecbb796259a94798f164ebe9b4de8

  • SHA512

    0b064e5cc2ab3db6438b41e54c8e554e898003bbe2f7eb035bf5ac3725530c6523d9bde9bd3df3f4e21186bed75f9d57369238e0fe88c0e5dbf781c8b4520a95

  • SSDEEP

    196608:bJS2Pc+4WG4CXkjYdYhCoPhsLBscXaf7LaBm19GD5zug2Fd1gQniHe7oTDiM:bJLcRWG4C0jyhghcKfaBHD5iriH7TDiM

Malware Config

Targets

    • Target

      AIO checker 2024.rar

    • Size

      12.5MB

    • MD5

      82223fc5262e46c1d5d8f07bc3f45fc4

    • SHA1

      89bb073f7e80328123328826b733e07ed70b605d

    • SHA256

      478cbc06db0d5237d0d13e57ba94ec9d2e9ecbb796259a94798f164ebe9b4de8

    • SHA512

      0b064e5cc2ab3db6438b41e54c8e554e898003bbe2f7eb035bf5ac3725530c6523d9bde9bd3df3f4e21186bed75f9d57369238e0fe88c0e5dbf781c8b4520a95

    • SSDEEP

      196608:bJS2Pc+4WG4CXkjYdYhCoPhsLBscXaf7LaBm19GD5zug2Fd1gQniHe7oTDiM:bJLcRWG4C0jyhghcKfaBHD5iriH7TDiM

    Score
    3/10
    • Target

      AIO checker 2024.exe

    • Size

      12.6MB

    • MD5

      9cf1d0469c0f1f4d320a9ca7f0e1cc60

    • SHA1

      0dfb9cbecc894900df50ea91d6abc8064f7b3f4f

    • SHA256

      28fd7c5f8ab145889653beee671957a07696794f4b0ac7343d5c25e43f66042b

    • SHA512

      dee7e42a3e35759cdfa5b7ee4b76fab187b526478a4d47b41562a60e4970f755499faea1a33038ffe65d9ad5d916287ba7a54911a0fbf6ae3d0b47738329abdf

    • SSDEEP

      196608:/nmvZD+tHWdKFyGL1fCQfV1ZvD+z/hcc1ICaivxj2RMvV+TfiwFrxuakIdxG:/na1+tHjN9fVL7+z63ivxjhUzX

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • UAC bypass

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks whether UAC is enabled

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      DscCore.dll

    • Size

      195KB

    • MD5

      392a0df275f04ff940215d4cafdb257e

    • SHA1

      29e34dc880e68dc04f46be583d162342b6ba01aa

    • SHA256

      c4084f617ed1dfdaca814cc9375a62d1fb466226f36aa53255c33b108725f29f

    • SHA512

      30b589809c77fd383eb722f6b695faa6d77df77b1a5005ac09a60ebdd47a05ecec435fd0b6f220f9a9aba1a2c4cac02b8b4f151958296e7dd75a66c5d92c75dd

    • SSDEEP

      3072:e+HJ8BMRbPfxOSsLc725qZ4bY0Hm3taMer4MhEb+Qiz7Tt/Fm2t:R3mW4bY0ytaqMh2+QU9m2

    Score
    1/10
    • Target

      DscCoreConfProv.dll

    • Size

      194KB

    • MD5

      850fb0501d6ed3035cf6caec764428df

    • SHA1

      e2a4079714d3fb51a55d78c458eaaef0149c6e95

    • SHA256

      d3348083905c789cef44a55cda47eb1844b1c393c10fabc6be9a26565b6d6607

    • SHA512

      06e0b03c17c2290526e4b33fef16b93c1742fea26d24e56a8ae44beb285037363ea776c36d1b98fcff458a57e72c0b1f9c2772474c2d7b5bec04c48243716117

    • SSDEEP

      3072:Mr3PkhsU3EZtMHGSVVpngsOhT4kymGcP+LPN4xkRIf1TWv8Md:Mr9oGSVVpngsaKmLP+LO9C8M

    Score
    1/10
    • Target

      drvstore.dll

    • Size

      720KB

    • MD5

      ef4c4ea376d172d966ab31388b3b63b6

    • SHA1

      400b47716619f8ed654aeb6e26f9359a9ba128c2

    • SHA256

      ff07c7b6ca66200a20d28668e4e9b401936eab7f9a4fbd9f90bba3d49e19ad77

    • SHA512

      ae4157ddd532e8e859c238939b95e61844adf445ac3465aaf0c047ae8a7d8980d1031104eef16ae5148d540c9f067fe01664f802635c273003e9e632ea8500ba

    • SSDEEP

      12288:v3giB4oDbO1y6k96dODJF/hMsmsPEFB/urPh0W44ZPGUEjj:/9DbO1y66xesmsPaB/uTG4RG9jj

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks