General
-
Target
3a7eb05a575ea6c0ebd97a42d6a77e66.exe
-
Size
2.5MB
-
Sample
240722-p872jazamk
-
MD5
3a7eb05a575ea6c0ebd97a42d6a77e66
-
SHA1
71e362bd1e833c7192c0f93d219f9727f1c98297
-
SHA256
25228b9b7646e3a44d0c0458b2d9f4dde89cb36ca52f69ae317edad02678678c
-
SHA512
0e4e9cc7d86949b349722e3e41d6e1686f8f55d44e98f93ff5f42f05a798c8300be75ff19ea0c369800c2cbc0fb4190a7138cbac5250ea812b11d185100403f6
-
SSDEEP
49152:dLajZyQosaw6JjUh94mLijLGroai47lLOBTh8YLX/tG6wY0F6SqcCN39XD:cZyQoK2j1mLijicSLeLPeYTNx
Behavioral task
behavioral1
Sample
3a7eb05a575ea6c0ebd97a42d6a77e66.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
3a7eb05a575ea6c0ebd97a42d6a77e66.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
3a7eb05a575ea6c0ebd97a42d6a77e66.exe
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Scheduled Task/Job (1)
Scheduled Task (1)