General

  • Target

    RustStore_Setup.exe

  • Size

    3.5MB

  • Sample

    241004-dhgwwavdjf

  • MD5

    4e4c8bd71f7875fac184a95f79fb1327

  • SHA1

    e24f4fd00b568e2e278a1ec6f4b86181c393b025

  • SHA256

    e23b924ff1c1b8a67aebc3b98711c63e12832e2bdd41ff8a52b15685bfabfc6d

  • SHA512

    5b9f5592f364777fc1385b5a72699b39fc5f13b85fbfab24aef884d2446772a25cbc1cd6fc4c0716baf42259f6660f19511d603b17c4fcac736086cc15b3b2fa

  • SSDEEP

    49152:hbA3C8Gudp1YT4VZSN1w8QOQcN2nF1WUVVJgXg8zUXKnRvW7nXuc+u2nBomh:hbeZThZSY82n/TVVK/4X4+ruE2nOmh

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
