General
Target: SandeLLoCHECKER_Installer (2).exe
Size: 1.5MB
Sample: 240719-l9qxvsyhqb
MD5: 4c52459e292810c1197ed6f2e6486375
SHA1: 12f8ef89e298d758b61b8104aca610ddce9b5b4e
SHA256: 513bdf8d578fc535a41943fb900c32dc29de645bb9327ab3497b13632e04c6fc
SHA512: 47bf5deb7661948f84aa8319921ab19dd70e4751475d1682578960d30420c14842f3784f1e416472c252efd3411278711d85ec103664601062606da5a18debe7
SSDEEP: 24576:62G/nvxW3WvwD4cm7HZi6ABOSJcv9c3B8Z3Mnge2RxpA2UQXN58xTY6+2e:6bA3JDDmk6ocv9c3PiixiU+Z
Behavioral task: behavioral1
Sample: SandeLLoCHECKER_Installer (2).exe
Resource: win11-20240709-en
Malware Config
Targets
Score: 10/10

DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Modifies WinLogon for persistence

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Executes dropped EXE

Adds Run key to start application

MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution: 2
    Registry Run Keys / Startup Folder: 1
    Winlogon Helper DLL: 1
  Scheduled Task/Job: 1
    Scheduled Task: 1