General
-
Target
497ac5eb72b62c3db2d5383bc2823bf38596e00d877ec7e9d572a94830f07a0e.exe
-
Size
1.4MB
-
Sample
241003-bref1a1cjd
-
MD5
3e40d7f0c47407447c1fa9be4ec0f714
-
SHA1
f8633060aa590db85a70e9d1ae220b220ed03a98
-
SHA256
497ac5eb72b62c3db2d5383bc2823bf38596e00d877ec7e9d572a94830f07a0e
-
SHA512
9fc81db6a6ddf93626529223d5ee8a13717fc3069d90eb66fad1ef9a3172b776578e844ead65bf8e6e334bc0ad82910a6844b99ca8643083f2d140d3aae767cf
-
SSDEEP
24576:6Ipz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:6Qzulw0bg/qAymlV
Behavioral task
behavioral1
Sample
497ac5eb72b62c3db2d5383bc2823bf38596e00d877ec7e9d572a94830f07a0e.exe
Resource
win7-20240704-en
Malware Config
Targets
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter (1)
PowerShell (1)
Scheduled Task/Job (1)
Scheduled Task (1)
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Scheduled Task/Job (1)
Scheduled Task (1)