General
Target: hui.exe
Size: 4.9MB
Sample: 240712-xg84hsxhne
MD5: 6dd3349a069138120e48d8feb73e73c8
SHA1: bb074e9cbbdb1b927a540512ecd5ca9915471943
SHA256: b043cf42035b5cf2ec0f7082dbddae83f12f75bb471b0fe68e9b13b9aa1b2f5d
SHA512: a0bfccd3852096ff2955dd6e097ee6ce0238f91d3cd236c8d6cd53565c02124dd8d93eb9b28632ba05fa3a0b3d1873856a40388976b752cd839f0ae3026d174b
SSDEEP: 98304:nqwoGvOmkHvjEUo9Kei4h01rglxUOknyC63s3wb0otcjBd:nqwJvODvY59k1gQLy23i1c9d
Static task: static1
Behavioral task: behavioral1
Sample: hui.exe
Resource: win7-20240708-en
Malware Config
Targets
Target: hui.exe
Signatures
- DcRat: DarkCrystal RAT (DcRat) is a .NET remote access trojan active since June 2019 that can load additional plugins.
- Process spawned unexpected child process: this typically indicates the parent process was compromised via an exploit or a macro.
- Checks computer location settings: looks up the country code configured in the registry, most likely for geofencing. A geofenced sample may behave differently depending on the country configured on the analysis machine.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Enumerates connected drives: attempts to read the root path of drives other than the default C: drive.
- Checks system information in the registry: system information is often read to detect sandbox environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger: calls NtSetInformationThread with the ThreadHideFromDebugger information class, which stops a debugger from receiving events for that thread; a common anti-debugging technique.
-
MITRE ATT&CK Enterprise v15 (the number after each entry is the report's hit count for that technique)
Privilege Escalation
  Abuse Elevation Control Mechanism (T1548): 1
    Bypass User Account Control (T1548.002): 1
  Scheduled Task/Job (T1053): 1
    Scheduled Task (T1053.005): 1
Defense Evasion
  Abuse Elevation Control Mechanism (T1548): 1
    Bypass User Account Control (T1548.002): 1
  Impair Defenses (T1562): 1
    Disable or Modify Tools (T1562.001): 1
  Modify Registry (T1112): 3
  Subvert Trust Controls (T1553): 1
    Install Root Certificate (T1553.004): 1
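The report above gives the sample's hashes, its location-check behaviour and its ATT&CK mapping (scheduled task, root certificate install, tool tampering), but no host-side checks. The following PowerShell is an added triage example written for this page; it is not code from the Triage report or from DcRat. Only the three hashes are taken from the report. It assumes a Windows 8.1/Server 2012 R2 or later host with PowerShell 5.1 or newer (the ScheduledTasks module is not present on Windows 7, the OS the sandbox run used), run from an elevated prompt; the function names, the 7-day window, the AuthRoot comparison and the Defender checks are this script's own choices, not anything the report states.

```powershell
# Added host-triage example for the behaviours listed in this report; not code from the
# Triage report or from DcRat. Assumes Windows 8.1/2012 R2+ with PowerShell 5.1+, run
# elevated so all scheduled tasks and the machine certificate store are readable.
# Only $ReportHashes comes from the report; everything else is this script's assumption.

$ReportHashes = @{
    MD5    = '6dd3349a069138120e48d8feb73e73c8'
    SHA1   = 'bb074e9cbbdb1b927a540512ecd5ca9915471943'
    SHA256 = 'b043cf42035b5cf2ec0f7082dbddae83f12f75bb471b0fe68e9b13b9aa1b2f5d'
}

# Walk a directory and return every file whose SHA256 matches the report. MD5 and SHA1 are
# computed for each hit so it can be cross-checked against all three values in the report.
function Find-ReportedSample {
    param([Parameter(Mandatory)][string]$Root)
    Get-ChildItem -Path $Root -File -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $sha256 = (Get-FileHash -Path $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
        if ($sha256 -and $sha256.ToLower() -eq $ReportHashes.SHA256) {
            [pscustomobject]@{
                Path   = $_.FullName
                MD5    = (Get-FileHash -Path $_.FullName -Algorithm MD5).Hash.ToLower()
                SHA1   = (Get-FileHash -Path $_.FullName -Algorithm SHA1).Hash.ToLower()
                SHA256 = $sha256.ToLower()
            }
        }
    }
}

# "Checks computer location settings": the GeoID (Nation) the sample reads from the registry.
# Worth knowing when re-detonating: a different Nation value may change the observed behaviour.
function Get-ConfiguredNation {
    (Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue).Nation
}

# Scheduled Task (T1053.005): tasks registered within the last $Days days and what they run.
# The task's Date field is author-supplied and may be missing or forged, so a task with no
# parseable date is returned as well rather than silently treated as old.
function Get-RecentScheduledTask {
    param([int]$Days = 7)
    $cutoff = (Get-Date).AddDays(-$Days)
    Get-ScheduledTask | ForEach-Object {
        $created = $null
        try { if ($_.Date) { $created = [datetime]::Parse($_.Date) } } catch { }
        if (-not $created -or $created -gt $cutoff) {
            [pscustomobject]@{
                TaskName = $_.TaskName
                TaskPath = $_.TaskPath
                Created  = $created
                RunLevel = $_.Principal.RunLevel      # 'Highest' means the task runs elevated
                Execute  = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)".Trim() }) -join '; '
            }
        }
    }
}

# Install Root Certificate (T1553.004): trusted roots that are not in the Microsoft-distributed
# AuthRoot store. Windows keeps a few of its own roots this way too, so review the output
# rather than treating every line as malicious. CurrentUser\Root can be written without admin
# rights, which is why malware often installs its root there.
function Get-NonAuthRootCertificate {
    $authRoot = Get-ChildItem -Path Cert:\LocalMachine\AuthRoot | ForEach-Object { $_.Thumbprint }
    foreach ($store in 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root') {
        Get-ChildItem -Path $store | Where-Object { $authRoot -notcontains $_.Thumbprint } |
            Select-Object @{ n = 'Store'; e = { $store } }, Subject, Thumbprint, NotBefore, NotAfter
    }
}

# Disable or Modify Tools (T1562.001): the report does not say which tool was touched, so this
# only surfaces the two Defender settings most commonly modified, for manual inspection.
function Get-DefenderTamperIndicators {
    if (Get-Command Get-MpPreference -ErrorAction SilentlyContinue) {
        $pref = Get-MpPreference
        [pscustomobject]@{
            RealtimeMonitoringDisabled = $pref.DisableRealtimeMonitoring
            ExclusionPaths             = ($pref.ExclusionPath -join '; ')
        }
    }
}

# Usage (elevated prompt):
#   Find-ReportedSample -Root "$env:USERPROFILE\Downloads"
#   Get-ConfiguredNation
#   Get-RecentScheduledTask -Days 14 | Format-Table -AutoSize
#   Get-NonAuthRootCertificate | Format-Table -AutoSize
#   Get-DefenderTamperIndicators
```

The hash match is the only check that ties a host to this specific sample; the task, certificate and Defender lists are broad hunts that will include legitimate entries and need an analyst to read them. Because the report shows the sample reading the configured country, note the Nation value of any machine you re-detonate on, since a geofenced sample can stay inert in one locale and run in another.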