General

  • Target

    2799249bd066a63867d38a7773108711301fce32cd774032c6643a733c91e88a.exe

  • Size

    1.8MB

  • Sample

    240712-rjmemsygqb

  • MD5

    1f762f2937a65e6706cc9890c2ce963e

  • SHA1

    dd9c4b3a729fd1f0f486808750a82df7bbb908ec

  • SHA256

    2799249bd066a63867d38a7773108711301fce32cd774032c6643a733c91e88a

  • SHA512

    fef5180a80f46ceab132d00d26f0c14d3711007e75a8d419b08d69ed00d84b70b8113c144b54a0e3d4a70967fdf9a4cff9a1317fec4076888da5203443abebcc

  • SSDEEP

    24576:U2G/nvxW3Ww0tzWLVgARUYjfmdylolfEz1ocP7dmjhoGgRO0fktrJxEV4Bn9J0gE:UbA30zWRNfdBnsWNnGrJqEn9nSTbt

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • UAC bypass

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks whether UAC is enabled
