General
Target: 3fc02228a6229bc91c086bc24899361b.bin
Size: 3.4MB
Sample: 240729-c1q2tsshla
MD5: 63eec94d18f7b33e03a8c4b137ecc33a
SHA1: 14f690ed0c9c99e413ba2ec1e54f5b84eee88552
SHA256: 2ccade19af05451b16b8d78777c2c6a778c8327009c0e4c9117224275a0758f6
SHA512: b886dec6f8a897c12e05cdacaa24d5b328d181843665d3dfb61c96ad776264440b0114cc5b6445a00b090f5cad422accc6ad368b525d2193218e7ab2cafbd1b2
SSDEEP: 98304:59dkLhy2GIr0Su4JNHa5Bcj/0QEH4XtBw3:59uL/V0aaID0QEH4u
Behavioral task: behavioral1
Sample: 34be0ed06faf7cf7e8af122810e391dc4c09958bba1303a226103218b1c79710.exe
Resource: win7-20240708-en
Malware Config
Targets
Target: 34be0ed06faf7cf7e8af122810e391dc4c09958bba1303a226103218b1c79710.exe
Size: 3.9MB
MD5: 3fc02228a6229bc91c086bc24899361b
SHA1: 3d33e93f771a1c77f2f01c2e15d52307f88d3bf0
SHA256: 34be0ed06faf7cf7e8af122810e391dc4c09958bba1303a226103218b1c79710
SHA512: 1dbaeaa5855fca79ddb44f0570e5e4282347919d1629d32a6df1f9bce0f198e38ebb461f68518754116a3fa650e6e4f9541ff09ca067b10218962c162fd7ef99
SSDEEP: 98304:Vbbzx+3YGfZNMGFWmkukCbYvziRNPRmB58hSKHO:Vd+1RNXFWuksaf7
DcRat: DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
Disables Task Manager via registry modification
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (1)
    Disable or Modify Tools (1)
  Modify Registry (3)