General
-
Target
7cc33f80106d0f58245fc201cd192c7914e6862738768123359bdeb4330a6c77.exe
-
Size
1.4MB
-
Sample
240723-c3hhgatbjn
-
MD5
1d2b1f463a1d6b10f9610337e95d5c0e
-
SHA1
59b08e6488e6380d4958534b3273396e34a14d9e
-
SHA256
7cc33f80106d0f58245fc201cd192c7914e6862738768123359bdeb4330a6c77
-
SHA512
74671170b1e066024240e6c5226b75727e604a8ac9ce41e69b7fe5cec581ef52c69a7b238d61c614d30a311c7c74e63d3b82e5a5815a51ef38dac71bd6d548bd
-
SSDEEP
24576:u2G/nvxW3WieCrUKCU7IPEHnEKGfLymG8jY5Acrcdwkvpfq:ubA3jrGU1HnSfLymG8cSzm
Behavioral task
behavioral1
Sample
7cc33f80106d0f58245fc201cd192c7914e6862738768123359bdeb4330a6c77.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
7cc33f80106d0f58245fc201cd192c7914e6862738768123359bdeb4330a6c77.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
Score 10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Scheduled Task/Job (1)
Scheduled Task (1)