General
-
Target
299ca6c79cca21d4e4d6204d3c650d10N.exe
-
Size
1.8MB
-
Sample
240724-aw5y3s1clf
-
MD5
299ca6c79cca21d4e4d6204d3c650d10
-
SHA1
a7db4c75ad2025257a62964397fe231436b07d2e
-
SHA256
23f8f5fa14be58995db500b8506fde23f21f469a76912178b7934c354b3ce712
-
SHA512
af85c0db6cd789d0a5d299d2abcce194703214f52895de7c6751c7a6889e6ed7b4d0cbf1d449253e8ef74cdde9a0a1f91fba6d12319bc1c96ccbd2e26482de75
-
SSDEEP
24576:qCtiMhME2Tw3zTIsaEO+5M4vZZk+70IT0AWBGpfmoEu562TEsRdrKgwgJlD02ioK:1hmQzW+j+40IIAWGrEuU2TLdrKCJlIS
Behavioral task
behavioral1
Sample
299ca6c79cca21d4e4d6204d3c650d10N.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
299ca6c79cca21d4e4d6204d3c650d10N.exe
Resource
win10v2004-20240704-en
Malware Config
Targets
-
-
Target
299ca6c79cca21d4e4d6204d3c650d10N.exe
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1
Bypass User Account Control
1
Scheduled Task/Job
1
Scheduled Task
1