General
-
Target
785607a320f7338a45583ba5a4351cfc.bin
-
Size
2.4MB
-
Sample
240826-by1mtayhlk
-
MD5
f3c76bcead1831ff095b113a0cfe4aac
-
SHA1
f9187c62eb2abfb82a89c525f1595cc13a1b895f
-
SHA256
557c665f347b5b329b2143090a260da91341dd87bbd989b33e79bd7d7367b331
-
SHA512
dcec1c5ca5dc16b8814e20696c3f397db179d1a7665f4e7d82e19bd01574b71fc3944e104bdbfc39296c70e1b68dd27efe0012bc5fc5bae5c986725872984624
-
SSDEEP
49152:2RUQyGPuvi9PBYj+A7Aol7QvwIQ1icbopF9WmV1PSDMJ1/Fn9UvAuqV+Pz:26QaCPBy97AmQvwr1ippFlbaDMfLIr
Behavioral task
behavioral1
Sample
1353ef9da4acb986188b6aae8930ecd1618afc282c4f9d6a85b7f07412d93efd.exe
Resource
win7-20240705-en
Malware Config
Targets
-
Target
1353ef9da4acb986188b6aae8930ecd1618afc282c4f9d6a85b7f07412d93efd.exe
-
Size
2.9MB
-
MD5
785607a320f7338a45583ba5a4351cfc
-
SHA1
89ef702587884d38b07ebe0f7353e708d9569a62
-
SHA256
1353ef9da4acb986188b6aae8930ecd1618afc282c4f9d6a85b7f07412d93efd
-
SHA512
045dd570ee1276be438381228e3aa69a14b8c91fdf9a0a20faf12c6ebb448aae18fac897b796075c09acb2af09190eadccbf6fa3a73bb94ad8675c2e3729a3e6
-
SSDEEP
49152:UbA30ZgGhRYDGAYWw3l1J6ubWTUxs0UNOQ/rPRDQNtSLOGRw+zNlrN:UbyvDMWUHJ6uoU+EQ/rS+OG+0N
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, that can load additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Scheduled Task/Job: 1
Scheduled Task: 1
Defense Evasion
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Impair Defenses: 1
Disable or Modify Tools: 1
Modify Registry: 2