General
-
Target
8820b3ddaf80f2556aa77d51ebcc49edd49a67f221a3f0b706d55fe3f96f638c
-
Size
1.4MB
-
Sample
241003-yj75nsxaqg
-
MD5
383c434239321daa6ddc7db5a806d13a
-
SHA1
bae5d3345fda20382e2b0749c2c2289c6787fccc
-
SHA256
8820b3ddaf80f2556aa77d51ebcc49edd49a67f221a3f0b706d55fe3f96f638c
-
SHA512
50002b755ec06e73b32c1e12b921e10b307b289113efab898e28adb919892804a022952d34926a834845868afe02a18137032c286fca25323027071941f18615
-
SSDEEP
24576:6Ipz2s/RGlw9qwD9TQkzTOfC0Bg/qa9Yyym2Iicp/4xc:6Qzulw0bg/qAymlV
Behavioral task
behavioral1
Sample
8820b3ddaf80f2556aa77d51ebcc49edd49a67f221a3f0b706d55fe3f96f638c.exe
Resource
win7-20240903-en
Malware Config
Targets
-
Target
8820b3ddaf80f2556aa77d51ebcc49edd49a67f221a3f0b706d55fe3f96f638c
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter (1)
PowerShell (1)
Scheduled Task/Job (1)
Scheduled Task (1)
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Scheduled Task/Job (1)
Scheduled Task (1)