General
-
Target
90cd882d4b7aa3939307bcc71bc05d38e600cb22e8984985335df1feac12e44a.exe
-
Size
3.2MB
-
Sample
240726-e4gzfazcje
-
MD5
1c36a988c66b1b5e9ef74f4bacedadba
-
SHA1
5591180c32f80e171c57f4be055000ad6f499351
-
SHA256
90cd882d4b7aa3939307bcc71bc05d38e600cb22e8984985335df1feac12e44a
-
SHA512
147b89dc5980149e53a8f7f1caa51185f443d2d779a8c20422b9a1fe5dc6c842c9ab4701b19c2dc5393cb530693ece583b09c370b6d229fbd84933af810f4df6
-
SSDEEP
49152:a4iktlQ2cj9ScADsiz76m0JVqeUYfHuv4mDrsdWE2hnKQ9nO1zdhBFMGIEdY/0/w:aXktlQQsE49UguAiu2cp1zjLddZ9QY
Behavioral task
behavioral1
Sample
90cd882d4b7aa3939307bcc71bc05d38e600cb22e8984985335df1feac12e44a.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
90cd882d4b7aa3939307bcc71bc05d38e600cb22e8984985335df1feac12e44a.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
90cd882d4b7aa3939307bcc71bc05d38e600cb22e8984985335df1feac12e44a.exe
-
Size
3.2MB
-
MD5
1c36a988c66b1b5e9ef74f4bacedadba
-
SHA1
5591180c32f80e171c57f4be055000ad6f499351
-
SHA256
90cd882d4b7aa3939307bcc71bc05d38e600cb22e8984985335df1feac12e44a
-
SHA512
147b89dc5980149e53a8f7f1caa51185f443d2d779a8c20422b9a1fe5dc6c842c9ab4701b19c2dc5393cb530693ece583b09c370b6d229fbd84933af810f4df6
-
SSDEEP
49152:a4iktlQ2cj9ScADsiz76m0JVqeUYfHuv4mDrsdWE2hnKQ9nO1zdhBFMGIEdY/0/w:aXktlQQsE49UguAiu2cp1zjLddZ9QY
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Scheduled Task/Job
1Scheduled Task
1