General
-
Target
67d4c2f8c1b7a92444d2c75e058945da.exe
-
Size
3.8MB
-
Sample
241003-saz5ta1dpq
-
MD5
67d4c2f8c1b7a92444d2c75e058945da
-
SHA1
7756e70a03f29331f4675c6cff1ccbadad3115ae
-
SHA256
791d92ffb559abed9ec0f3266f5e0f2a98a5af1fab714f0b3b1b2548f05ca8b0
-
SHA512
46d7b11998578461ef4a134715284033104a9f5c669b8fc444130d1e4920d502299530ec3aee9c2c461d4a896a57e3931bae7758b00bbbb20604ba1272b1e1ba
-
SSDEEP
98304:Jbe4Q4p3Bahfbn/m0qNbf2xiXj9endx5fhTVlmhIr/Rc5:JZFp3BEmjNbT9udx5flnmhIDRc5
Behavioral task
behavioral1
Sample
67d4c2f8c1b7a92444d2c75e058945da.exe
Resource
win7-20240903-en
Malware Config
Targets
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Scheduled Task/Job: 1
Scheduled Task: 1
Defense Evasion
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Impair Defenses: 1
Disable or Modify Tools: 1
Modify Registry: 2
Credential Access
Credentials from Password Stores: 1
Credentials from Web Browsers: 1
Unsecured Credentials: 1
Credentials In Files: 1